"This Ponemon Institute 2009 Annual Study: Cost of a Data Breach - Understanding Financial Impact, Customer Turnover, and Preventive Solutions examines the costs incurred by 45 organizations after experiencing a data breach. Results were not hypothetical responses; they represent the cost estimates of activities resulting from the actual data loss incidents. This is the fifth annual survey of this issue. Breaches included in the survey ranged from approximately 5,000 records to more than 101,000 records from 15 different industry sectors."
Follow up to previous postings on missing White House emails during Bush administrations, from the National Security Archive: "Pursuant to a settlement reached between the National Security Archive and the White House Executive Office of the President (EOP), the White House today issued a letter describing critical aspects of the EOP unclassified network e-mail preservation and archiving system now used in the White House. Among other specifics, the letter describes:
Follow up to previous postings on government implementation of whole body scanning technology at airports, news that EPIC has posted more than 250 pages of documents it obtained in a Freedom of Information Act lawsuit concerning body scanners. The documents, released by the Department of Homeland Security, reveal that Whole Body Imaging machines can record, store, and transmit digital strip search images of Americans. This contradicts assurances made by the TSA. The documents include TSA Procurement Specifications, TSA Operational Requirements, TSA contract with L3, TSA contract with Rapiscan (1), and TSA contract with Rapiscan (2). The DHS has withheld other documents that EPIC is seeking."
News release: "Today, Citizens for Responsibility and Ethics in Washington (CREW) and the National Security Archive (NSA) reached a final settlement of their long-running lawsuits challenging the failure of the Bush White House and the National Archives and Records Administration (NARA) to take any action after confronted with evidence that millions of emails had gone missing from Bush White House servers over a two and one-half year period. The lawsuits followed CREW’s revelation in April 2008 that the White House had discovered the problem in the fall of 2005. Nevertheless, the Bush White House failed to recover or restore the missing emails and knowingly continued to use a broken system for preserving electronic records. Under the terms of the settlement, the Executive Office of the President (EOP) will restore a total of 94 days of missing emails, which will then be sent to NARA for preservation and eventual access under either the Presidential Records Act or the Federal Records Act."
Medicare Part D Plan Sponsor Electronic Prescribing Initiatives (OEI-05-08-00322), October 16, 2009
News release: "ChoicePoint, Inc., one of the nation’s largest data brokers, has agreed to strengthened data security requirements to settle Federal Trade Commission charges that the company failed to implement a comprehensive information security program protecting consumers’ sensitive information, as required by a previous court order. This failure left the door open to a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identity theft. ChoicePoint has now agreed to a modified court order that expands its data security assessment and reporting duties and requires the company to pay $275,000. In April 2008, ChoicePoint (now a subsidiary of Reed Elsevier, Inc.) turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days. After discovering the breach, the company brought the matter to the FTC’s attention."
Using Technology To Estimate, Control And Manage Litigation Document Review Budgets: Conrad J. Jacoby details approaches and exercises that contribute to a successful process for calculating - and staying within - a realistic budget for a litigation or regulatory document review.
News release: "Individuals’ genetic information will have greater protections through new regulations issued today by the U.S. Departments of Health and Human Services (HHS), Labor, and the Treasury. The interim final rule will help ensure that genetic information is not used adversely in determining health care coverage and will encourage more individuals to participate in genetic testing, which can help better identify and prevent certain illnesses."
Legal Implications of Cloud Computing - Part One (the Basics and Framing the Issues) - Attorney David Navetta contends that there will be significant financial pressure on organizations to take advantage of the pricing and efficiency of cloud computing, and if attorneys fail to understand the issues ahead of time there is a serious risk of getting "bulldozed" into cloud computing arrangements without time or resources to address some serious legal issues that are implicated.
News release: "The Federal Trade Commission has issued a final rule requiring certain Web-based businesses to notify consumers when the security of their electronic health information is breached. Congress directed the FTC to issue the rule as part of the American Recovery and Reinvestment Act of 2009. The rule applies to both vendors of personal health records – which provide online repositories that people can use to keep track of their health information – and entities that offer third-party applications for personal health records. These applications could include, for example, devices such as blood pressure cuffs or pedometers whose readings consumers can upload into their personal health records. Consumers may benefit by using these innovations, but only if they are confident that their health information is secure and confidential."
New York Times, And You Thought a Prescription Was Private: "...in fact, prescriptions, and all the information on them — including not only the name and dosage of the drug and the name and address of the doctor, but also the patient’s address and Social Security number — are a commodity bought and sold in a murky marketplace, often without the patients’ knowledge or permission..."
Blackberry Apps for Lawyers: Nicole Black highlights an assortment of Blackberry applications for research, document management, mobile communications, music, dictation and more - all of which would benefit just about any law practice.
E-Discovery Update: E-Discovery in the $50,000 Case - Conrad J. Jacoby's focus for this column is smaller legal disputes that may involve electronic evidence, including divorce proceedings and child custody matters, as well as criminal cases, all of which may require review of cell phone call records, SMS and e-mail exchanges.
E-Discovery Update: Revisiting ESI Agreements and Court Orders - Conrad J. Jacoby focuses on the new requirement that litigants must meet early in a dispute to discuss the scope of discovery work to reach agreement on how best to proceed with the discovery of potentially relevant electronically stored information (“ESI”). What happens, though, when fundamental assumptions used to reach agreement at that early stage in the case turn out to be incorrect?
Ahead of the Curve: In 2009, Your Lawyers Are Your Best Knowledge Management Resource - Gretta Rusanow outlines her recommendations on why this year presents an excellent opportunity to work on those long-desired collections of models, best practice documents, sample clauses and know how files.
"The American Recovery and Reinvestment Act of 2009, adopted by the House this week, includes strong privacy provisions ("Subtitle D - Privacy") for the proposed medical health network. Among the key provisions: a ban on the sale of health information, audit trails, encryption, rights of access, improved enforcement mechanisms, and support for advocacy groups to participate in the regulatory process. Patient Privacy Rights has expressed support for the legislation. A similar bill, S. 336, is pending in the Senate. Senator Leahy has called for strong safeguards to protect America's health privacy. For more information, see EPIC's page on Medical Privacy."
News release: "CDT today released a major policy paper intended to move the health privacy debate from its outdated focus on patient consent to a comprehensive framework that will provide more effective privacy protection. CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses."
Metadata - What Is It and What Are My Ethical Duties?: Jim Calloway explains why every lawyer needs to understand a few basic things about metadata. He contends that the legal ethics implications of metadata “mining” are no longer just of interest to the lawyers processing electronic discovery, or the ethics mavens.
Editorial - Exit Stonewalling: "...E-mail messages that have gone suspiciously missing are estimated to number in the millions. These could illuminate some of the administration’s darker moments, including the lead-up to the Iraq war, when intelligence was distorted, the destruction of videotapes of C.I.A. torture interrogations, and the vindictive outing of the C.I.A. operative Valerie Plame Wilson. The deep-sixed history also includes improper business conducted by more than 50 White House appointees via e-mail at the Republican Party headquarters. Historians and archivists are suing the administration. We should be grateful for their efforts. Entire days of e-mail records have turned up conveniently blank at the offices of President Bush and Vice President Dick Cheney."
Presidential Libraries: The Federal System and Related Legislation, Updated November 26, 2008.
New York Times: "The National Archives has put into effect an emergency plan to handle electronic records from the Bush White House amid growing doubts about whether its new $144 million computer system can cope with the vast quantities of digital data it will receive when President Bush leaves office on Jan. 20. The technical challenge was an inevitable result of the explosion in cybercommunications, which will make the electronic record of the Bush years about 50 times as large as that left by the Clinton White House in 2001, archives officials estimate. The collection will include top-secret e-mail tracing plans for the Iraq war..."
CDT: "HHS Secretary Leavitt announced new key privacy principles for electronic health information exchange. In addition, HHS’s Office of Civil Rights published new HIPAA Privacy Rule guidance, which provides important clarifying information on how the Privacy Rule governs covered entities engaged in electronic health information exchange. For example, it clarifies when covered entities must enter into business associate agreements with health information exchanges; it also makes clear that HIPAA Privacy and Security Rules cover consumer personal health records offered by covered entities. However, the guidance merely encourages the adoption of stronger privacy and security policies consistent with the new principles. CDT calls on Congress and the new Administration to implement a comprehensive, enforceable framework of protections for personal health information that builds public trust and facilitates widespread adoption of health IT."
E-Discovery Update: My E-Discovery Holiday Wish List - Conrad J. Jacoby's holiday wish is for the legal community to finally develop one or more judicially accepted standards that can be used to craft consistent ways of requesting and producing information. With baseline procedures in place, both producing and requesting parties, as well as judges, will be able to make more informed decisions about the need for discovery and the way in which such discovery should be conducted.
You’re Leaving a Digital Trail. What About Privacy? by John Markoff: "Propelled by new technologies and the Internet’s steady incursion into every nook and cranny of life, collective intelligence offers powerful capabilities, from improving the efficiency of advertising to giving community groups new ways to organize. But even its practitioners acknowledge that, if misused, collective intelligence tools could create an Orwellian future on a level Big Brother could only dream of. Collective intelligence could make it possible for insurance companies, for example, to use behavioral data to covertly identify people suffering from a particular disease and deny them insurance coverage. Similarly, the government or law enforcement agencies could identify members of a protest group by tracking social networks revealed by the new technology."
CRS Report - Presidential Transitions: Issues Involving Outgoing and Incoming Administrations, October 23, 2008.
Follow up on postings related to the White House visitor logs, this news release: "U.S. District Court Judge Colleen Kollar-Kotelly issued a preliminary injunction in CREW, et al. v. Cheney et al., requiring Vice President Cheney, the Office of the Vice President, the Executive Office of the President, the archivist and the National Archives and Records Administration to preserve all vice presidential records, broadly defined to encompass all records relating to the vice president carrying out his constitutional, statutory or other official or ceremonial duties."
Commentary: New FBI Anti-Terror Guidelines - Beth Wellington's commentary focuses on congressional and public response to the guidelines, related public surveillance actions, and on ramifications to civil liberties now and in future.
DOJ FOIA Post: "In light of Section 9 [Section 9 amends 5 U.S.C. § 552(f), the definitions provision of the FOIA, by including in the definition of “record” any information “maintained for an agency by an entity under Government contract, for the purposes of records management.” This provision makes clear that records, in the possession of Government contractors for purposes of records management, are considered agency records for purposes of the FOIA] of the OPEN Government Act, it is important for agencies to ensure that their searches for records in response to FOIA requests include any potentially responsive agency records that may be in the possession of an entity under contract with the agency for purposes of records management. Any agency employing such a government contractor to manage or store its records must institute appropriate procedures to allow it to search for and identify agency records that may be responsive to a FOIA request that are in the possession of that records management-contractor. Given that the clear intent of this provision is to clarify that the location of the agency records in the hands of the contractor for records management purposes does not remove the records from the scope of the FOIA, such records must be capable of being searched in response to FOIA requests. If responsive agency records are located in the possession of the records management-contractor, they should be forwarded to the appropriate FOIA office within the agency for processing. Such records must be identified and handled by the agency just as if they had been in the possession of the agency in the first instance."
E-Discovery Update: Producing Spreadsheets in Discovery – 2008
CDT: "In comments filed with the Department of Homeland Security today, CDT highlighted privacy concerns implicated by DHS' new system of databases to record personal information and border crossing history. CDT called on DHS to reduce the 15-year period for retaining records of the date, time and place an American re-enters the United States at the land borders, and to limit the vast array of "routine uses" for which that data can be shared with other government agencies, foreign governments, and the public. In related comments, CDT urged DHS to work with states and other issuers of new "enhanced drivers licenses" to provide the department with access only to personal information about drivers crossing the border rather than information about all those holding EDLs, and to ensure that states do not create their own records of drivers' border crossing activities."
The Third Branch: "To protect the privacy of litigants, the Federal Rules of Practice and Procedure require that certain personal data identifiers be modified or partially redacted from federal court case files. These identifiers are Social Security numbers, dates of birth, financial account numbers, and names of minor children, and in criminal cases, also home addresses. In all cases, it is the responsibility of the attorney and the parties in the case to redact personal identifiers...
Many courts, such as the District of Arizona and the Northern District of California, have posted information to their websites on effective redaction techniques. For a look at their tips, visit their websites at: https://ecf.cand.uscourts.gov/cand/faq/tips/redacting.htm or http://www.azd.uscourts.gov/azd/cm-ecf.nsf/docview/files/$file/redaction.pdf"
"This second Annual Report to the Congress on the Information Sharing Environment (ISE) describes the state of the ISE, highlights areas where there has been measurable progress in improving information sharing, and demonstrates the value of the ISE to the Nation's broader counterterrorism (CT) mission. In particular, the President's October 2007 National Strategy for Information Sharing (NSIS) reinforced the importance of information sharing as a national priority. The NSIS integrates all prior terrorism-related information sharing policies, directives, plans, and recommendations, and provides a national framework against which to implement the ISE. While the complexity of the information sharing challenge should not be underestimated, significant progress has been made. This report addresses progress in information sharing to date, while revealing how the paradigm of information sharing—and the ISE in particular—has broadly permeated our institutions of government."
Evidence on the Costs and Benefits of Health Information Technology
July 24, 2008 - Testimony before the Subcommittee on Health, Committee on Ways and Means, U.S. House of Representatives.
"The National Association of State Chief Information Officers (NASCIO) is pleased to announce the release of its research brief, Ready for the Challenge? State CIOs and Electronic Records. The brief is a product of NASCIO's Electronic Records and Digital Preservation Working Group and may be found online. States continue to struggle with new challenges presented by a growing portfolio of electronic records and digital content that must be preserved. Within this context, the issue of electronic records (e-records) management has emerged as a high-priority policy and technology issue for state CIOs. This issue is now driven by emerging trends such as new Web 2.0 collaboration tools that create e-records in forms that are transitory, yet still document the business of government. The importance of the subject is driven by vulnerability of essential e-records during disasters and a growing emphasis on transparency and accountability in state government, including online public access to records on spending, performance, procurements, and contracts."
E-Discovery Update: Precision, Accuracy, and Relevance - Conrad J. Jacoby discusses the challenges and ramifications inherent in an environment where litigants have increasingly come to rely on computerized search queries rather than free-form document review to identify potentially relevant documents. — Published June 30, 2008
Bryn Nelson, MSNBC, Giving biometrics a hand: "An electronic palm reader is helping one of the largest healthcare systems in the U.S. and several banks in Japan divine the true identities of their patients and customers. The key? A near-infrared camera that captures each person’s unique palm vein pattern, or template."
OIG, Social Security Administration, Benefit Payments in Instances Where the Social Security Administration Removed a Death Entry from the Beneficiary's Record, A-06-07-27156, 06/19/08: "The DMF [Death Master File] is a publicly available database maintained by SSA that contains detailed information on more than 82 million deceased numberholders. Each year, SSA receives death reports for more than 2.5 million individuals and adds the information to the DMF. As depicted on the chart below, SSA receives most death reports from funeral homes or friends/relatives of the deceased. SSA considers such first party death reports to be verified and immediately posts them to the DMF.
Other sources of death reports include States and other Federal agencies, as well as postal authorities and financial institutions. SSA posts nonbeneficiary information to the DMF without verification. However, if these reports indicate an SSA beneficiary died, SSA may perform additional verification before terminating benefits or posting the death entry to the DMF. Verification of death means that an acceptable reporter (usually someone in the person's home, a representative payee, a doctor, or hospital) agrees that the person is deceased and corroborates the date of death, if necessary.
The accuracy of death data is a highly sensitive matter for SSA. Erroneous death entries can lead to benefit termination and result in severe financial hardship and distress to the beneficiary/recipient. Conversely, the removal of legitimate death entries could allow for the authorization and payment of fraudulent benefits.
In instances when death reports are posted in error, SSA deletes the death entry from the DMF ("resurrect" the record) and, when applicable, reinstates benefit payments. SSA employees may only process transactions to resurrect a record when presented with proof the original death entry was posted in error. Unless the mistake resulted from an administrative error, the resurrection transaction should not be processed before completion of a face-to-face interview with the beneficiary or recipient. To validate the integrity of these transactions, SSA requires that two employees be involved in the process. SSA also requires that employees document the events leading to and facts supporting the transaction.
Since January 2004, SSA has provided us with electronic files containing updates made to the DMF, including instances when individual records were removed from the DMF. Preliminary analysis of these files indicated that, from January 2004 through April 2007, SSA deleted more than 44,000 individuals' death entries from the DMF. SSA records indicated 20,623 of these individuals were in current payment status on or after April 27, 2007 and received approximately $17.2 million in monthly SSA benefit payments."
"The framework below proposes a set of practices that, when taken together, encourage appropriate handling of personal health information as it flows to and from personal health records (PHRs) and similar applications or supporting services. Click on the individual documents below to read descriptions and to view or download them as PDF documents. Or, download the entire Common Framework in PDF. The Common Framework for Networked Personal Health Information: Overview and Principles provides background on the documents and how they relate to each other. All resources are available free of charge.
The ONC [Office of the National Coordinator for Health Information Technology] Coordinated Federal Health Information Technology Strategic Plan: 2008-2012 - Using the Power of Information Technology to Transform Health and Care.
"The Plan has two goals, Patient-focused Health Care and Population Health, with four objectives under each goal. The themes of privacy and security, interoperability, IT adoption, and collaborative governance recur across the goals, but they apply in very different ways to health care and population health."
"...get access to and manage all of your personal health information online...This would help you keep your doctors and family members up-to-date on important medical conditions and current medications. Well, after a successful pilot with the Cleveland Clinic, we've opened up Google Health to everyone in the U.S. It's easy to sign up, and free to use. All you need is a Google username and password. You can import your medical records and prescription history from our partners — well-known brands such as Walgreens, Longs Drugs and Quest Diagnostics."
Guidance for Homeland Security Presidential Directive (HSPD) 12 Implementation (May 23 2008) (4 pages): "This document serves as a guideline to assist agencies in preparing or refining plans for incorporating the use of Personal Identity Verification (PIV) credentials, to the maximum extent practicable, with physical and logical access control systems."
Government Technology: "The New York State Office for Technology and the New York State Archives, a program of the State Education Department, issued a report last week that examines how the state can provide choice, interoperability and vendor neutrality in electronic document creation while ensuring electronic records are preserved and remain accessible. A Strategy for Openness: Enhancing E-Records Access in New York State makes recommendations to promote openness and transparency aimed at ensuring public records remain free from being locked into proprietary systems and software applications."
Memorandum For The Heads Of Executive Departments And Agencies. SUBJECT: Designation and Sharing of Controlled Unclassified Information (CUI), May 21, 2008.
"EPIC filed a "friend of the court" brief (pdf) in the United States Supreme Court, urging the Justices to ensure the accuracy of police databases. The brief was filed on behalf of 27 legal scholars and technical experts and 13 privacy and civil liberty groups. In Herring v. US, the Court will be asked to determine whether an arrest based on inaccurate information in a criminal justice database should be upheld. EPIC explained how government databases are becoming increasingly unreliable, according to the government's own studies and urged the Court to “ensure an accuracy obligation on law enforcement agents who rely on criminal justice information systems.” The amici warned that, “to permit a good faith reliance on data that is inaccurate, incomplete, or out of date will actually exacerbate the problem and increase the likelihood of unfair treatment in the criminal justice system.” See EPIC page on Herring v. US
"CDT's Health Privacy Project today released a paper urging policymakers and the private sector to develop and implement a comprehensive privacy and security framework to govern the wide range of computer and Internet-based systems being created to share sensitive health information. The paper examines the key issues confronting the adoption of information technology in the health care field and offers suggestions on policies and business practices that will protect patient rights while facilitating the kinds of information sharing that can reduce costs and improve care."
National Committee on Vital and Health Statistics, 2005-2006. February 2008 37 pp. (PHS) 2008-1205
Still Seeking a Truly Digital Life - Analysis: "The French call it 'dematerialization' but the search for a paperless existence continues to elude even technophiles." Peter Sayer, IDG News Service.
Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act, news today from AP: "Older White House computer hard drives have been destroyed, the White House disclosed to a federal court Friday in a controversy over millions of possibly missing e-mails from 2003 to 2005. The White House revealed new information about how it handles its computers in an effort to persuade a federal magistrate it would be fruitless to undertake an e-mail recovery plan that the court proposed."
The World Privacy Forum - A Legal and Policy Analysis - Personal Health Records: Why Many PHRs Threaten Privacy, Prepared by Robert Gellman for the World Privacy Forum, February 20, 2008
New York Times: Pushing Paper Out the Door, by Hannah Fairfield
"The Committee for Economic Development (CED)...released a new report – Harnessing Openness to Transform American Health Care (94 pages, PDF) – that focuses on how to improve health care by giving people more access to information and making the information more responsive to their contributions. The report touches on the entire production system for health care from biomedical research to clinical trials to electronic health care records and patient/doc interactions. It also addresses open access publishing of research results and access to clinical trial data, openness in public health, the impact of greater openness on approval of medical devices, and open models of innovation. The report was prepared by CED's Digital Connections Council (DCC). The DCC is a group of information technology experts from CED-affiliated companies established to advise CED on the policy issues associated with the digital economy and emerging technologies. This report follows the late 2007 release of CED’s report, Quality, Affordable Health Care For All: Beyond The Employer-based Health-insurance System, which includes findings and recommendations on health care reform from CED."
World Privacy Forum: "Consumers and organizations have an opportunity to submit public comments about the accuracy and integrity of credit reports. Until February 11, the Federal Reserve Board, the Federal Trade Commission and other banking agencies will be accepting comments on their draft rulemaking regarding how creditors and other furnishers provide information to consumer reporting agencies, and which types of direct disputes they must handle. This proposed rulemaking is a key one; it defines what accuracy and integrity of information provided to consumer reporting agencies means, how disputes may be handled directly with the furnishers, and which types of direct disputes furnishers may ignore. The NCLC, Consumer's Union, and the World Privacy Forum have written a sample letter that may be downloaded and used or modified for the comments. To file your letter, submit your comments to the Board of Governors of the Federal Reserve System by mailing the comments to regs.comments@federalreserve.gov with the subject line "Docket No. R–1300."
Press release: "Congresswoman Betty McCollum (MN-04), has sent a letter to the Government Accountability Office asking that it reopen its investigation of the privacy and national security risks posed by government agencies reselling used magnetic data tapes that may once have contained large amounts of sensitive personal and government information. Researchers working for Imation, an Oakdale, MN-based corporation that produces magnetic data tapes, were able to recover a wide range of sensitive information from used data tapes that were supposedly wiped clean before being re-sold. Using readily available equipment and information, Imation investigators found out where the tapes originated and recovered bank account numbers, expense reports, employee tax and benefit information, and other sensitive data."
Coalition for Patient Privacy: "Our mission is to ensure that Americans control all access to their health records."
Follow up to previous postings on missing White House emails, from the House Oversight Committee: "On February 15, the Committee will hold a hearing to investigate White House compliance with the Presidential Records Act. Statements made at the January 17 White House press briefing contradict information provided to the Committee, which revealed that a 2005 White House analysis found no archived mail for hundreds of days between 2003 and 2005. The following officials have been invited to testify: Fred Fielding, Counsel to the President; Alan Swendiman, Director, Office of Administration; Allen Weinstein, Archivist of the United States."
New Questions Raised About White House Records Preservation: "In letters to the White House and the National Archives, House Oversight Chairman Waxman asks whether the White House has preserved its records according to the obligations of the Presidential Records Act, and what the White House has done to prepare for the transition of presidential records to the Archives in January 2009."
Documents and Links
Press release: "Becta [British Educational Communications and Technology Agency], the education technology agency, has published a key report on Microsoft Vista and Office 2007 and on document interoperability which analyses the suitability of both software packages for adoption by schools and colleges."
Press release: "Proofpoint, Inc., the leading provider of unified email security and data loss prevention solutions, today reported spam trends for data collected during the month of November 2007, finding that, on average, spam continues to represent nearly 90% of the total email volume received by large enterprises. Attachment-based spam made a comeback with the prevalence of image-based spam, PDF spam and Microsoft Word document spam all increasing over October levels."
Government Technology: "A new white paper designed to help public officials develop policies for removing Social Security numbers and other sensitive information from public documents is now available online. The National Association of Secretaries of State (NASS), in collaboration with the National Electronic Commerce Coordinating Council (eC3), today released a joint white paper on redaction entitled Privacy, Public Access & Policymaking in State Redaction Practices. Developed with input from leading experts in government, academia and the private sector, the paper is the first national report specifically written for state and local leaders coping with data security issues in public records."
National Association of State Chief Information Officers - The Search Is On: State CIO Starting Points for E-Discovery
November 2007: "In its September 2007 Issue Brief entitled Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery!, NASCIO raised the importance of State CIO involvement in e-discovery and the need for collaborative state electronic records management activities to properly address e-discovery requests. In this follow-up Research Brief, NASCIO provides starting points for State CIOs to improve the state’s ability to successfully address legal requests for electronic information.
Topics include:
Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act: "The National Security Archive filed a motion on Friday, October 26, seeking expedited discovery against the Executive Office of the President to find out what e-mails are missing from the White House e-mail system or backup tapes. Archive General Counsel Meredith Fuchs explained, “The pressing need for the information arises out of troubling representations by the EOP and its components about its document preservation obligations and the location of its backup tapes. We need information so we can take steps to preserve all possible sources of e-mails deleted from the White House servers.” Also on Friday, a similar motion was filed in a virtually identical lawsuit brought by Citizens for Responsibility and Ethics in Washington (CREW) on September 25, 2007.
The Archive filed this case on September 5, 2007, against the Executive Office of the President (EOP) and its components seeking to recover at least 5 million federal e-mail records improperly deleted by the EOP. After the government failed to provide adequate assurances that backups and copies of the missing e-mail would be preserved throughout this litigation, on October 11, 2007, CREW filed a motion for a temporary restraining order against the White House defendants in its case. A hearing in CREW’s case was held before Magistrate Judge Facciola on October 17, 2007. Magistrate Judge Facciola issued a Report and Recommendation on October 19, 2007, advising the Court to grant a temporary restraining order. The government has filed objections to Magistrate Judge Facciola’s Report and Recommendation, and CREW has responded to the government’s objections."
NASCIO - Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery, September 2007: "In increasingly consolidated state technology environments, State CIOs may have heightened responsibility for the storage, preservation and retrieval of electronic information in response to e-discovery requests. Since government information is a knowledge asset, State CIOs must ensure the proper management of state information assets in addition to the technological infrastructure for locating and retrieving that information. This issue brief explains the impact for State CIOs of e-discovery requests and encourages State CIOs to pursue a holistic approach to enterprise records management as part of a team of state government stakeholders, including state legal counsel, archivists, records managers, and agency business leaders."
Materials from PLL Programs at AALL 2007 - The Challenge of Electronic Discovery: How Reference Service, Records Management and Litigation Support Interact, Speakers: John Montaña, Esq., PelliGroup, Inc. and Rachelle L. DeGregory, Esq., LexisNexis [PowerPoint document]
"The World Privacy Forum has filed public comments with the Department of Health and Human Services requesting that its new National Disaster Medical System protect all patient information to at least the baseline protections that HIPAA affords, including the HIPAA security and privacy protections. Currently, the new system does not do this, even though the system is housed at HHS, the agency which promulgated the HIPAA standards. The National Disaster Medical System currently contains overbroad routine uses which could potentially result in significant privacy and even public health issues. For example, public health information will not be able to be disclosed under the National Disaster Medical System as the system is currently organized. Additionally, some of the current routine uses in the system would authorize disclosures that would be illegal under HIPAA. For example, Congressional disclosure of a HIPAA record requires a written authorization, something the new system does not require. Read the comments (PDF)."
Press release: "Personal information of certain uniformed service members, family members and others was placed at risk for potential compromise while being processed by SAIC under several health care data contracts for military service customers, the company said today. SAIC remedied the security lapses upon learning of them and began working with the customers to mitigate any potential impact. Forensic analysis has not yielded any evidence that any personal information was actually compromised; however, the possibility cannot be ruled out. SAIC is notifying approximately 580,000 households, some with more than one affected person."
Toward a Safer and More Secure Cyberspace, Seymour E. Goodman and Herbert S. Lin, Editors, Committee on Improving Cybersecurity Research in the United States, National Research Council, 272 pages, pre-publication copy, 2007.
WSJ free feature: When Public Records Are Too Public - Open Records Are an Established Tradition, But Does Internet Access Call for a Change?: "Property deeds, marriage and divorce records, court files, motor-vehicle information and tax documents are increasingly being digitized, and contain a wealth of information that few of us would want online: Social Security numbers, birth dates, maiden names and images of our signatures. Local governments have rushed to put those documents online for a decade or so, often without scrubbing them of such information. And that's made them potentially fertile ground for busybodies, stalkers and identity thieves."
Administration Oversight, White House Use of Private E-mail Accounts: "The Oversight Committee has been investigating whether White House officials violated the Presidential Records Act by using e-mail accounts maintained by the Republican National Committee and the Bush Cheney ‘04 campaign for official White House communications. This interim staff report provides a summary of the evidence the Committee has received to date, along with recommendations for next steps in the investigation."
The information the Committee has received in the investigation reveals:
Press release: OMB Issues New Guidelines for Protecting the Confidentiality of Statistical Information (June 15, 2007)
Implementation Guidance for Title V of the E-Government Act, Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA). AGENCY: Office of Management and Budget, Executive Office of the President. ACTION: Notice of decision. Federal Register: June 15, 2007 (Volume 72, Number 115) [Page 33361-33377]
Daniel Pulliam at Govexec.com reported, "Eighteen agencies have been asked by the Office of Special Counsel to preserve electronic information dating back to January 2001 as part of its governmentwide investigation into alleged violations of the law that limits political activity in federal agencies. The OSC task force investigating the claims has asked agencies, including the General Services Administration, to preserve all e-mail records, calendar information, phone logs and hard drives going back to the beginning of the Bush administration."
Information Technology: VA and DOD Are Making Progress in Sharing Medical Information, but Are Far from Comprehensive Electronic Medical Records GAO-07-852T, May 8, 2007.
Follow-up to postings on the escalating interest in the U.S. Attorney firings, this press release: "Citizens for Responsibility and Ethics in Washington (CREW) released a report [April 12, 2007], WITHOUT A TRACE: The Missing White House Emails and the Violations of the Presidential Records Act, detailing the legal issues behind the story of the White House e-mail scandal. WITHOUT A TRACE covers the following areas:
Following up on this April 10, 2007 posting, House Judiciary Committee Subpoenas AG Gonzales, and related links on the U.S. Attorney firings, today this press release from Rep. Waxman's House Oversight and Government Reform Committee: "Following briefings from the White House and Republican National Committee that revealed an extensive volume of e-mails regarding official government business may have been destroyed by the RNC, Chairman Waxman directs government agencies to preserve e-mails received from or sent to non-governmental e-mail accounts used by White House staffers. The Committee also requests that government agencies provide an inventory of all e-mails involving these accounts. The briefing received by the Committee raises serious concerns about the White House compliance with the Presidential Records Act, which requires that the President "take all such steps as may be necessary to assure that the activities, deliberations, decisions, and policies that reflect the performance of his constitutional, statutory, or other official or ceremonial duties are adequately documented and that such records are maintained as Presidential records."
Related documents: This press release includes links to letters from the Chairman to 16 agency heads, which duplicate the text of a letter to Attorney General Gonzales. Each letter is three pages, PDF.
Tech//404® Data Loss Cost Calculator: "Data loss resulting from network security breaches and identity theft has become a regular occurrence. While the number of affected records can vary widely in any given data loss scenario, a recent study by the Ponemon Institute found that the average number was roughly 99,000. For recent examples and media reports, visit the data loss archive. Darwin created the Tech//404® data loss cost calculator as a tool to demonstrate the scope of negative financial impact an organization may face as a result of a data breach or identity theft data loss scenario. The calculator will automatically generate an average cost, and a plus/minus 20% range, for expenses associated with internal investigation, notification/crisis management and regulatory/compliance if the incident were to give rise to a class action claim."
The Third Branch, March 2007: "Some day in the not-too-distant future, locating and reading a brief filed in a federal appellate case will become as easy as finding an appeals court opinion. And electronic appellate briefs will feature hyperlinks to lower court rulings, statutes, regulations, and other cited materials. “Judges generally are excited about having attorneys file briefs that contain hyperlinks to citations,” said Gary Bowden, chief of the Administrative Office’s Appellate Court and Circuit Administration Division. “And through PACER (the Public Access to Court Electronic Records system) these briefs will be available to everyone.” Until late last year, 10 of the 12 regional appellate courts were using an antiquated system of receiving, storing and tracking their cases, a system that at age 20 was long overdue for retirement. The St. Louis-based U.S. Court of Appeals for the 8th Circuit took a giant step in December when it became the first of those 10 courts to go live with Case Management/Electronic Case Files (CM/ECF). The rest are to follow by the end of 2007."
"Citing evidence that senior White House officials are using RNC and other political email accounts to avoid leaving a record of official communications, Chairman Waxman directs the Republican National Committee and the Bush-Cheney ’04 Campaign to preserve the emails of White House officials and to meet with Committee staff to explain how the accounts are managed and what steps are being taken to protect the emails from destruction and tampering."
Documents and Links:
Press release: "The majority of consumers place some importance on whether a physician has electronic health records when choosing a physician and would be willing to pay for the service, according to research results released today by Accenture. The goal of the research, a survey of 600 U.S. consumers and interviews with more than 100 physicians, was to gauge consumer and physician attitudes toward electronic health records (EHR). An EHR comprises an individual’s medical information including conditions, medication information, test results and treatment plans that exist in electronic form. Among the key findings: Two-thirds (67 percent) of consumers said that electronic health records are at least slightly important in their selection of a physician, and half (51 percent) said they would be willing to pay for the service, if the price were reasonable. At the same time, just one in ten physicians interviewed (11 percent) currently uses electronic records."
"The World Privacy Forum filed public comments with the Department of Health and Human Services in response to an HHS request for information regarding the use of patients' genetic data for research, health care, and for use in electronic health records. The World Privacy Forum is requesting that HHS use all Fair Information Principles in any personalized health care projects, and is requesting that a formal ELSI (ethical, legal, and social implications) committee be set up to oversee any projects, among other requests."
Health Information Technology: Early Efforts Initiated but Comprehensive Privacy Approach Needed for National Strategy, Full text GAO-07-400T, and Highlights, February 1, 2007: "GAO identified key challenges associated with protecting electronic personal health information in four areas."
Table of Contents for LLRX.com - January 15, 2007 issue:
"The world of Legal Technology has...had its share of ups and downs in 2006, with companies spying on their boards, the treasury department spying on money transfers, and the government spying on, well, everyone! With all the spying going on, data security was certainly on everyone's mind in 2006, and several key stories arose out of the inability of companies and government agencies to protect their customer and employee data. The new Federal Rules of Civil Procedure also added to the mix with new requirements for companies and other potential litigants to keep in mind as they generate gigabytes and gigabytes of information every day."
Press release: "Building clinical research into the Nationwide Health Information Network (NHIN) will enable faster discovery and verification of treatments and cures, according to a report released today by FasterCures. The report, Ensuring the Inclusion of Clinical Research in the Nationwide Health Information Network, details steps to help speed the implementation of Electronic Health Record (EHR) systems and suggests four strategies to include a research component in the NHIN, the federal government's planned "Internet for Healthcare."
Press release: "U.S. Deputy Attorney General Paul J. McNulty announced today during a speech at a meeting of the Lawyers for Civil Justice in New York that the Department of Justice is revising its corporate charging guidelines for federal prosecutors throughout the country. The new guidance revises the Thompson Memorandum, which was issued in January 2003 by then-Deputy Attorney General Larry D. Thompson and titled the “Principles of Federal Prosecution of Business Organizations.” The memo provides useful guidance to prosecutors in the field through nine factors to use when deciding whether to charge a corporation with criminal offenses. The guidance continues to require consideration of the factors from the Thompson memo but adds new restrictions for prosecutors seeking privileged information from companies. Specifically, it creates new approval requirements that federal prosecutors must comply with before they can request waivers of attorney-client privilege and work product protections from corporations in criminal investigations."
Information Technology: DOD Needs to Ensure That Navy Marine Corps Intranet Program Is Meeting Goals and Satisfying Customers, Full-text GAO-07-51, and Highlights, December 8, 2006.
Markle Foundation - Connecting Americans to Their Health Care: A Common Framework for Networked Personal Health Information (41 pages, PDF): "A white paper that describes a networked environment in which consumers could establish secure electronic connections with multiple entities that hold personal health information about them. The paper discusses how consumer participation in networked environments has transformed other sectors, such as travel and finance, and concludes that the health care sector would benefit greatly from a properly designed secure network that enables greater consumer engagement."
Sentinel Audit II: Status of the Federal Bureau of Investigation's Case Management System (Redacted), Audit Report 07-03, December 2006 (PDF - Full Report)
U.S. Public Policy Committee of the Association for Computing Machinery: "...the National Institute of Standards and Technology (NIST) released a paper recommending that federal standards allow certification only for "software independent" (i.e. ones that create a paper trail) e-voting systems. A key technical panel will consider and vote upon the recommendations this [week]. Calling these recommendations an important step forward for improving e-voting machine security, USACM issued a letter urging the panel to adopt the recommendations..."
The Third Branch: "On December 1, 2006, amendments to Federal Rules of Civil Procedure 16, 26, 33, 34, 45 and revisions to Form 35 will take effect unless Congress enacts legislation to reject, modify or defer them. These amendments and revisions are all aimed at one particular area of discovery—electronically stored information, meaning all information in computers...One study found that the cost of discovery represents approximately 50 percent of the litigation costs in all cases, and as much as 90 percent of the litigation costs in the cases where discovery is actively employed. A "cottage industry" of forensic specialists has emerged with the sole purpose of assisting law firms comply with their electronic discovery obligations...For more on the specific changes in the rules aimed at discovery of electronically stored information, visit http://www.uscourts.gov/rules/Reports/ST09-2006.pdf."
"Few corporations are prepared for the new federal rules slated to take effect Dec. 1 for electronic discovery of documents in civil cases, according to a survey conducted by Computerworld. About 42% of the 170 IT managers and staffers surveyed said they did not know the status of their company's preparation for the new rules, while 32% said their company was not at all prepared."
Press release: "Lawyers who receive electronic documents are free to look for and use information hidden in metadata – information embedded in electronically produced documents – even if the documents were provided by an opposing lawyer, according to a new ethics opinion from the American Bar Association."
Treasury Inspector General for Tax Administration (TIGTA) "audit found that the use of the Free File Program declined after income restrictions were applied." September 29, 2006 (42 pages, PDF)
AmLaw Tech Survey: Law Firms Play Variations on Old Themes - "The 11th annual survey finds firms expanding IT while adopting new versions of old standards."
Guidelines for State Trial Courts Regarding Discovery of Electronically-Stored Information, Conference of Chief Justices, Approved August 2006.
Press release: California "Attorney General Bill Lockyer today filed felony charges against former Hewlett-Packard Chairwoman Patricia C. Dunn and four other defendants, alleging they committed criminal offenses related to the use of false pretenses to access individuals' phone records during the company's probe of boardroom leaks to the media."
Follow-up to previous postings on EPA's closure of libraries, this press release: "Prosecution of polluters by the U.S. Environmental Protection Agency "will be compromised" due to the loss of "timely, correct and accessible" information from the agency's closure of its network of technical libraries, according to an internal memo released today by Public Employees for Environmental Responsibility (PEER). EPA enforcement staff currently rely upon the libraries to obtain technical information to support pollution prosecutions and to track the business histories of regulated industries."
Metadata and other things that go bump in the night (41 pages, PDF) - "There is data lurking in your data. Some people call it "invisible ink". Microsoft refers to it as "metadata". Either way, the reference is to information in an electronic document that is not always visible. This session will explain the dangers of metadata, how to avoid it, and recent bar association interest in the ethics of exposing or mining metadata." [by Catherine Sanders Reach]
Press release, August 17, 2006, U.S. Citizenship and Immigration Services: "USCIS Announces Establishment of a Records Digitization Facility in Williamsburg, Ky., that will digitize more than one million USCIS Alien-Files (A-Files) during the first phase...[there are approximately 70 million immigration records]."
Final Rule: Safe Harbors for Certain Electronic Prescribing and Electronic Health Records Arrangements Under the Anti-Kickback Statute, pre-publication copy - to be published in August 8, 2006 Federal Register. (133 pages, PDF)
Related references:
Financial Restatements: Update of Public Company Trends, Market Impacts, and Regulatory Enforcement Activities, Full text GAO-06-678, and Highlights, July 24, 2006.
Press release: "CA today announced a new security survey of 642 large North American organizations which shows that more than 84% experienced a security incident over the past 12 months and that the number of breaches continues to rise. According to the findings, security breaches have increased 17% since 2003. As a result, 54% of organizations reported lost workforce productivity; 25% reported public embarrassment, loss of trust/confidence and damage to reputation; and 20% reported losses in revenue, customers or other tangible assets. Of the organizations which experienced a security breach, 38% suffered an internal breach of security."
"The potential benefits of sharing patient electronic records within health systems are broadly agreed, but concerns remain over patient consent and security. Experts in this week's BMJ discuss how patients should consent to use of electronic records in the NHS and how the data can be kept secure."
Press release: "The Federal Trade Commission and the Department of Justice's (DOJ) Antitrust Division today announced that they are implementing an electronic filing system that allows merging parties to submit via the Internet premerger notification filings required by the Hart-Scott-Rodino (HSR) Act. Electronic filings may be submitted quickly and easily, eliminating the time and expense entailed in duplicating and delivering documents."
Related government documents:
"...the eHealth Vulnerability Reporting Program (eHVRP) is a collaborative of health care industry organizations, technology companies and security professionals. eHVRP’s mandate is to establish approaches and procedures that will help ensure eHealth systems are broadly and rapidly deployed with the highest levels of privacy and security."
An interesting article in today's National Law Journal (free) discusses issues associated with the integrity of digital evidence, including email, photos, and metadata.
SEC press release: "The Securities and Exchange Commission today filed a civil injunctive action against Morgan Stanley & Co. Incorporated for failing to produce tens of thousands of e-mails during the Commission's IPO and Research Analyst investigations from Dec. 11, 2000, through at least July 2005. The Commission alleges in its complaint that Morgan Stanley did not diligently search for back-up tapes containing responsive e-mails until 2005. Morgan Stanley also failed to produce responsive e-mails because it over-wrote back-up tapes."
Sarbanes-Oxley Act: Consideration of Key Principles Needed in Addressing Implementation for Smaller Public Companies, Full Report GAO-06-361, and Highlights, April 13, 2006.
HealthNex blog, sponsored by IBM, is a joint effort by industry and consumer groups, focused on sharing resources pertaining to e-health records and other IT related issues (such as RFID technology and patient privacy).
Information Technology: Near-Term Effort to Automate Paper-Based Immigration Files Needs Planning Improvements, Full text GAO-06-375, Highlights, March 31, 2006.
Follow the E-Mail Trail - What you can learn from the data embedded in e-mail headers, by Mark A. Berman and Aaron Zerykier, The National Law Journal.
ComputerWorld reports that Westchester County in New York is the first county in the nation to require all businesses with wireless networks that collect consumer related data to use "minimum security measures."
Financial Management Systems: Lack of Disciplined Process Puts Effective Implementation of Treasury's Governmentwide Financial Report System at Risk, Full-text GAO-06-413, Highlights, April 21, 2006.
ABA Journal: Understanding Search-Term Basics Ensures More Thorough E-Discovery Compliance
Federal Register: April 10, 2006 (Volume 71, Number 68) [Rules and Regulations] [Page 18007-18008], National Archives and Records Administration (NARA), Final Rule: "The Information Security Oversight Office (ISOO), National Archives and Records Administration (NARA), is publishing this Directive pursuant to section 102(b)(1) of Executive Order 12829, as amended, relating to the National Industrial Security Program. This order establishes a National Industrial Security Program (NISP) to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the United States Government. Redundant, overlapping, or unnecessary requirements impede those interests. Therefore, the NISP serves as the single, integrated, cohesive industrial security program to protect classified information and to preserve our Nation's economic and technological interests. This Directive sets forth guidance to agencies to set uniform standards throughout the NISP that promote these objectives."
FCW.com: Agencies risk unwitting release of sensitive information using popular office software: "The causes of much of the hidden data problem are users' ignorance of how digital documents work and software companies' tendency to give customers too much of what they want — ease of use and flexibility."
New York Times interview with DHS Director Michael Chertoff, by Deborah Solomon, April 2, 2006: Chertoff states, "I don't use e-mail. One reason is when you write an e-mail, you have to be mindful of the fact that nothing ever disappears. It can be deleted, but it is still in the system somewhere...They can get me. They don't need to e-mail me. There's a thing called a telephone."
Defense Critical Technologies, (151 pages, PDF), March 2006. This report is a product of the Defense Science Board (U.S.) and the Defence Scientific Advisory Council (UK). This report is unclassified.
ComputerWorld reports on enterprisewide search applications implemented by large corporations for a range of tasks, including competitive intelligence, e-discovery, and generating intranet content. Solutions such as FAST, Autonomy and Endeca index formats including text, audio and video.
Federal Bureau of Investigation: Weak Controls over Trilogy Project Led to Payment of Questionable Contractor Costs and Missing Assets, Full-text, GAO-06-306, and Highlights, February 28, 2006.
Adobe whitepaper, Redaction of Confidential Information in a Document: "How to safely remove sensitive information from Microsoft Word documents and convert to PDF"
Follow-up to National Journal Article Claims Curtailed Gov't Surveillance Program Still Active, from today's New York Times, Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data: "...by fundamentally changing the nature of surveillance, high-tech data mining raises privacy concerns that are only beginning to be debated widely. That is because to find illicit activities it is necessary to turn loose software sentinels to examine all digital behavior whether it is innocent or not."
"Summary: NARA is revising our regulations to provide for the appropriate management and disposition of very short-term temporary e-mail, by allowing agencies to manage these records within the e-mail system." Federal Register, February 21, 2006 (Volume 71, Number 34) [Rules and Regulations] [Page 8806-8808].
New York Times: Too Many New Gadgets, Too Much Information at Risk: Loss, theft and viruses are major issues as corporate use of handheld devices and pocket PCs increases. Pre-emptive security options are available however, as this article describes.
They Haven’t Got Mail - The Katrina hearings haven’t only revealed critical information about White House responses to the hurricane. They’ve also uncovered the online secrets of Donald Rumsfeld and Michael Chertoff: "...congressional investigations of government responses to Hurricane Katrina have revealed that two of the nation's key crisis managers, the secretaries of Defense and Homeland Security, do not use e-mail...Spokesmen for the two officials maintain that Rumsfeld and Chertoff were kept informed during Katrina the same way as they keep in touch during other crises: through aides and a variety of other communications methods..."
FTC press release: "The primary reforms to the merger review process establish presumptions that the FTC will: (1) limit the number of employees required to provide information in response to a second request, provided the party complies with specified conditions; (2) reduce the time period for which a party must provide documents in response to the second request; (3) allow a party to preserve far fewer backup tapes and produce documents on those tapes only when responsive documents are not available through more accessible sources; and (4) significantly reduce the amount of information parties must submit regarding documents they consider to be privileged."
"The All Party Parliamentary Internet Group (APIG) [held] an oral evidence session [February 2, 2006] at the House of Commons, as part of its public inquiry on Digital Rights Management (DRM)...The inquiry...is seeking to establish how consumers, artists and the distribution companies should be protected in a continually evolving market place...Regrettably, this session will not be open to the public but a full transcript of the sessions will be made publicly available when the final report is published in April."
Late last night AP reported that Special Counsel Patrick J. Fitzgerald stated in legal correspondence [the full text of which is available here in PDF] related to discovery in the Libby CIA leak indictment, that White House email from 2003 failed to be properly archived. The article quotes the response of noted government secrecy expert Steven Aftergood to this disclosure as follows - "Bottom line: Accidents happen and there could be a benign explanation, but this is highly irregular and invites suspicion."
From askSam: "CPT and HCPCS Medical Codes, Free Searchable Version: This database contains a complete listing of CPT codes (Current Procedural Terminology) and HCPCS codes (Healthcare Common Procedure Coding System). This database is fully searchable by code, description, type or category."
This New York Times essay, A Growing Web of Watchers Builds a Surveillance Society, by David Shenk, offers especially cautionary insight in light of the growing public and political response to revelations about the government's domestic surveillance program.
I am delighted to announce the addition of three new columns on LLRX.com, authored by leading professionals from different spheres of our community.
DHS press release: "A live test of e-Passports, that contain contactless chips with biographic and biometric information and the readers that are capable of reading these e-Passports, begins January 15, 2006 at Terminal G at San Francisco International Airport (SFO). This test is a collaborative effort between the United States, Australia, New Zealand and Singapore that will run through April 15, 2006."
Searches and Seizures in a Digital World, by Orin S. Kerr (55 pages, PDF)
Document management systems go to court - New federal rules for 2006 could come down hard on IT:
This text will self-destruct in 40 seconds - Next year self-deleting emails and photo messages too: "Staellium UK said that its StealthText service will allow business executives dealing in sensitive information to send texts which will delete themselves from the recipient's mobile phone as soon as the person has read them."
Following up on previous postings about phishing, the New York Times yesterday published an article, Gone Spear-Phishin', detailing the extent, impact and intent of cybercriminals who launch Trojans to steal the data of individuals and corporations, for both profit and personal reasons.
Press release, November 29, 2005: "The Securities and Exchange Commission today voted to propose for public comment rules that would allow companies and other persons to use the Internet to satisfy proxy material delivery requirements...The company would post its proxy materials on an Internet Web site (other than EDGAR) and would send a 'Notice of Electronic Proxy Materials' (the Notice) at least 30 days before the date of meeting."
November 18, DOJ/OIG Top Management and Performance Challenges in the Department of Justice - 2005: Counterterrorism; Sharing of Law Enforcement and Intelligence Information; Department and FBI Intelligence-Related Reorganizations; Information Technology Systems Planning and Implementation; Information Technology Security; Financial Management and Systems; Grant Management; Detention and Incarceration; Judicial Security; and Supply and Demand for Drugs.
Library of Congress press release: "Google Is First Private-Sector Partner with Funding of $3 Million. Librarian of Congress James H. Billington and Google Co-Founder Sergey Brin announced today that Google is the first private-sector company to contribute to the Library's initiative to develop a plan to begin building a World Digital Library (WDL) for use by other libraries around the globe. The effort would be supported by funds from nonexclusive, public and private partnerships, of which Google is the first. The concept for the WDL came from a speech that Billington delivered to the newly established U.S. National Commission for UNESCO on June 6, 2005, at Georgetown University."
Related news and links:
S. 1418: Wired for Health Care Quality Act, A bill to enhance the adoption of a nationwide interoperable health information technology system and to improve the quality and reduce the costs of health care in the United States. Passed Senate by voice vote, November 18, 2005.
Related documents:
Law tech guru Dennis Kennedy is quoted in this article in today's New York Times: Beware Your Trail of Digital Fingerprints. He suggests practical ways to eliminate data deleted in revisions when it is determined that documents have been finalized.
Federal Register, November 2, 2005 (Volume 70, Number 211), Page 66470-66472. National Archives and Records Administration (NARA). Notice of availability of proposed records schedules; request for comments.
Following up on previous postings related to security risks associated with discarding PC hard drives, the parallel environmental toll of the expanding amount of e-waste generated by constant hardware upgrades, via The Basel Action Network (BAN):
Press release: "Eighty-six percent of U.S. physicians surveyed said that a health-care system that adopted information technology such as electronic health records would improve the quality of health care patients receive. In addition, 79 percent of patients also believe that, according to national surveys commissioned by the Technology CEO Council."
Related links:
Markle Foundation press release: Americans Support Online Personal Health Records; Patient Privacy and Control Over Their Own Information Are Crucial to Acceptance
Committee on Government Reform, September 29, 2005 hearing, The Last Frontier: Bringing the IT Revolution to Healthcare.
"KatrinaHealth.org, an online service to help individuals affected by Hurricane Katrina work with their health professionals to gain access to their own electronic prescription medication records. Through KatrinaHealth.org authorized pharmacists and doctors can get records of medications evacuees were using before the storm hit, including the specific dosages."
Press release: "Archivist of the United States Allen Weinstein announced today several initiatives to aid in the recovery of original records in the states of Mississippi, Alabama, and Louisiana that have been affected by Hurricane Katrina...[he stated] the potential loss of information that directly affects the lives of people in these states is staggering. The loss of our collective memory of this region, 'identity loss' in other words, is at stake. Property deeds; birth certificates; personal papers; information documenting the rights and entitlements of citizens, such as social security and veterans benefits, are all at risk. Records found in Federal, state, local and cultural sites must be rescued."
Press release: "After a second review by the executive branch, a September 12, 2005 version of the 9/11 Commission Staff Monograph on the Four Flights and Civil Aviation Security has been released by the U.S. Department of Justice and transferred to the National Archives. This newer version of the report contains fewer redactions than the version first released on January 28, 2005."
Reuters reported on a WSJ article focused on the SEC's ongoing enforcement proceedings against Morgan Stanley which may now include a civil penalty in excess of $10 million for not retaining relevant e-mail.
"The intent of this RFI is, consistent with the direction in the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004, to provide Electronic Directory Services (EDS), or the functional equivalent, to enable authorized participants to locate and access information, organizations, services and personnel in support of their respective mission requirements for terrorism information...An initial capability must at a minimum, contain terrorism information and be accessible to the Federal government with a clear path for early expansion to State, local, and tribal officials, law enforcement, the private sector, and foreign allies. The rough order of magnitude capacity of the ELECTRONIC DIRECTORY SERVICES (EDS) for the long term is thousands of organizations and, potentially, millions of individual users, and hundreds of thousand or millions of accesses each day (emphasis added)." [Link]
PowerPoint presentations prepared by Lee Nemchek, Larry Eiring, and Ganesh Natarajan, and a 3-page outsourcing bibliography (in Word), from the PLL-sponsored program entitled "Outsourcing: Odious or Out-of-the-Box" [Link to all these materials].
The topic of e-fax continues to be of interest according to legal listserv postings, so this new PC Magazine article, Internet Faxing Reaches the Mainstream, may be of assistance to those who have yet to settle on a specific application.
Financial Market Organizations Have Taken Steps to Protect against Electronic Attacks, but Could Take Additional Actions, GAO-05-679R, June 29, 2005.
Press release: "A majority of U.S. consumers believe that electronic medical records can provide valuable benefits, especially during medical emergencies, and can improve overall medical care, according to the results of a survey released today by Accenture."
New York Times editorial today, The Dangerous Comfort of Secrecy: "The Bush administration is classifying the documents to be kept from public scrutiny at the rate of 125 a minute. The move toward greater secrecy has nearly doubled the number of documents annually hidden from public view - to well more than 15 million last year, nearly twice the number classified in 2001 - as bureaucrats have invented more amorphous categories like 'sensitive security information.' At the same time, the declassification of documents required under the Freedom of Information Act has been choked down to a fraction of what it was a decade ago, leaving the government working behind an ever darker, ever denser screen."
Government Technology reports that Suffolk County, New York is blazing an e-government trail with the launch of a subscriber based Virtual County Clerk's Office. The service will allow subscribers to "perform title searches for residential and commercial property, do background searches for employment and credit worthiness, or procure other land property documents..." and receive e-mail alerts on new information added to the clerk's online database.
Deloitte & Touche published their annual Global Security Study, 2005 (44 pages, PDF) which surveys the state of IT security in the financial services industry.
Related references:
"CDT Executive Director Jim Dempsey today warned a House subcommittee [Testimony: 12 pages, PDF] that government efforts to create a new air traveler screening system -- called Secure Flight -- have yet to adequately address critical issues concerning the system's effectiveness and ability to protect the privacy and due process rights of Americans. CDT said that the government must develop consistent criteria for adding suspected terrorists to watch lists and should collect from airlines only the minimum amount of data necessary to make effective matches against those lists."
NewsForge has a detailed and very interesting posting on how a group of Italian attorneys have formed a consortium to facilitate the distribution of, and training programs about how to efficiently use open source applications for a range of document management applications as well as e-filing of court documents.
According to an article today by Declan McCullagh, the DOJ is reviewing the implementation of "data retention rules that could permit police to obtain records of e-mail, browsing or chat-room activity months after ISPs ordinarily would have deleted the logs--if they were ever kept in the first place."
The WSJ free content today includes this article, How Much Is It Really Costing To Comply With Sarbanes-Oxley?, that cites a range of reports, surveys and statistics offering contradictory estimates on actual corporate compliance costs.
Largest Compilation of Private-Sector Comments on Nationwide Interoperable Health Information Exchange to Date: "The U.S. Department of Health and Human Services today released a report summarizing over 500 responses from individuals and private industry on interoperable health information exchange. The report, Summary of Nationwide Health Information Network Request for Information Responses, is a compilation of responses to a request for information (RFI) that sought input from the public on how to move forward on the development and adoption of a nationwide health information exchange."
AP reported that an audit revealed Montana state agencies failed to scrub the hard drives of state computers containing personal data (including social security numbers, income tax reports and medical records) prior to donating, selling and otherwise transferring their ownership.
Division of Corporation Finance, Office of the Chief Accountant, U.S. Securities and Exchange Commission, May 16, 2005 - Staff Statement on Management's Report on Internal Control Over Financial Reporting:
The Terror Watch List, under development for several years, has been plagued by setbacks that are administrative, technical and political in nature. This BusinessWeek.com article reviews the origins of the system, the technology hurdles encountered during the course of its development, and the plans for its completion.
REAL ID: "The United States is getting a national ID card. The REAL ID Act (text of the bill and the Congressional Research Services analysis of the bill) establishes uniform standards for state driver's licenses, effectively creating a national ID card. It's a bad idea, and is going to make us all less safe. It's also very expensive. And it's all happening without any serious debate in Congress."
From Federal Computer Week, this article reviews the challenges of digital preservation programs initiated by LC and GPO. The agencies are seeking technology solutions that harvest data on government documents to fulfill directives to digitize collections, archives and websites. Challenges to these initiatives include copyright issues, vast deep web document repositories, and the tremendous scope of data involved.
Committee on Financial Services hearing entitled "Assessing Data Security: Preventing Breaches and Protecting Sensitive Information," May 04, 2005.
Information on 600,000 current, former Time Warner workers missing
Press Release, April 26, 2005, National Archivist Testified Before Congress on '06 Budget Request: "In his testimony, the Archivist focused on four areas in particular that are of major importance to the National Archives and Records Administration: The Electronic Records Archives (ERA), the Nixon Library, the National Archives Experience, and the issue of document security."
From the Federal Judiciary Newsroom today: "Implementation of the federal judiciary's Case Management and Electronic Case Files (CM/ECF) system continues in appellate, district and bankruptcy courts across the country. The new system provides courts with the option to have case file documents in electronic form, and to accept filings over the Internet." Details.
Data on the classification of government documents, compiled by the National Archives and Records Administration's Information Security Oversight Office, is available in the 2004 Report to the President:
Searches and Seizures in a Digital World, by Orin S. Kerr, forthcoming in Harvard Law Review, Vol. 119, 2006.
A follow-up to my previous posting, Federal Gov't Wants To Mine College and University Student Data, is this recently released report: Feasibility of a Student Unit Record System Within the Integrated Postsecondary Education Data System (168 pages, PDF)
Press release: New Study Shows Limited Use of Electronic Medical Records: "Less than a third of the nation's hospital emergency and outpatient departments use electronic medical records, and even fewer doctors’ offices do, according to a report released today by the Centers for Disease Control and Prevention (CDC)...The use of electronic records in health care lags far behind the computerization of information in other sectors of the economy. In health care, billing applications were the first to be computerized. Electronic billing systems are used in three-quarters of physician office practices, but computerization of clinical records has been much slower."
PC Forum: Healthcare and IT clash by ZDNet's Dan Farber -- "Healthcare panel at PC Forum dealt with the challenges of using IT as a cure for what ails the system."
This Washington Post (reg. req'd) article reviews how individuals are using fee-based services that digitize their personal medical records as a way to manage uniform access to them in the event of medical emergencies and to facilitate the process of diagnostic evaluations. This may forecast a near term future of non-standard applications that fill the gap before the implementation of the National Health Information Network (NHIN).
140 Kaiser patients' private data put online:
"In a troubling episode involving medical privacy in the digital age, Kaiser Permanente is notifying 140 patients that a disgruntled former employee posted confidential information about them on her Weblog."
"The Federal Trade Commission testified...before the U.S. Senate Committee on Banking, Housing, and Urban Affairs about the reach of existing federal laws that require certain information providers to safeguard sensitive information and to ensure that the information doesn’t fall into the wrong hands. The Senate Banking Committee is examining recent developments involving the security of sensitive consumer information." [Link]
From the Washington Post, New Industry Helping Banks Fight Back - Sleuths Hit Online Identity Thieves With 'Takedowns,' 'Poisoning'. A patchwork of emerging technology applications targeted to financial services and e-commerce is available, seeking to address growing consumer concerns with e-mail and website fraud. This article reviews the challenges posed by phishing and the possibility that there may be federal regulations down the road.
Related references:
From the Privacy Rights Clearinghouse, this February 2005 update to their guide, Online Data Brokers: How Consumers Can Opt Out of Directory Assistance and Non-public Information, includes a chart detailing the specific procedure required by 17 free and fee-based websites and services which aggregate and provide access to a range of personal data. Take some time and review the information that these sites maintain on you, and be aware that they do not comprise all available online sources. Also note that unlike the Do-Not-Call Registry, opting out of these websites is not a one time request. As the database content is refreshed throughout the year, ensuring that your information is permanently removed may be an insurmountable challenge.
Press release: "U.S. adults are divided right down the middle on whether the potential privacy risks associated with a patient electronic medical record system outweigh the expected benefits to patients and society, according to Dr. Alan F. Westin, Professor of Public Law & Government Emeritus, Columbia University and Director of a new Program on Information Technology, Health Records & Privacy at Privacy & American Business (P&AB)."
Related references:
By Chris Jay Hoofnagle, associate director of the Electronic Privacy Information Center, Putting Identity Theft on Ice: Freezing Credit Reports to Prevent Lending to Impostors.
Health Industry Under Pressure to Computerize: "The federal government has delivered a warning to the health care industry: move into the computer age or the government will probably impose a solution."
Related resources:
The proliferation of PCs, digital cameras, cell phones and other electronic data collection and distribution gadgets has resulted in the increased importance of digital evidence in a range of cases outside the scope of those that involve cybercrimes such as ID theft and fraud.
"Web site operations are an integral part of an agency's program. Managing web records properly is essential to effective web site operations, especially the mitigation of the risks an agency faces by using the web to carry out agency business. This guidance will assist agency officials in this regard, including agency program staff, webmasters, IT staff, and other agency officials who have a role in web site management and administration." [Link]
From Business Week, Between You, The Doctor, And The PC - "More physicians and hospitals are putting their medical records online." As the digitization of health care records steadily increases, there are consequences for physicians and patients alike. As diagnostic data and patient health records are made available online via hospital intranets, they are vulnerable to hackers, and security and privacy concerns increase. [thanks Lois]
Yahoo! Desktop Search joins the party alongside similar software recently released by Google, Ask Jeeves, and Microsoft. Details about the features of Yahoo Desktop search are discussed in this FAQ, and PC Magazine weighs in with a positive review, as does Chris Sherman at Search Engine Watch.
Robert J. Ambrogi highlights 13 websites, launched this past year, that merit your review, including an online legal bookstore, an e-discovery resource, a new meta-search engine, and a collection of historical documents on the civil rights movement.
This Business Week article discusses the potential consequences of new rules on electronic discovery and records retention under consideration by the Committee on Rules of Practice and Procedure of the Judicial Conference of the United States. These rules will have a significant impact on corporations in every sector. Particularly controversial is the proposed "safe harbor" provision that would exempt companies from sanctions if e-records were destroyed as the result of routine IT operations.
Massachusetts e-Health Collaborative MeHC Incorporated 2004 (11 pages, PDF);
A new white paper by Dr. Carsten Sørensen of the London School of Economics (in conjunction with Microsoft UK), titled The Future Role of Trust in Work - The Key Success Factor for Mobile Productivity. According to InfoWorld, the report indicates "that managers are using technologies such as e-mail, mobile phones, and SMS (Short Messaging Service) to keep tabs on employees when in actuality they are reducing workers' productivity and the amount of time that they spend serving customers."
From the New York Times, this article reviews the challenges involved in work underway by NIH, industry and providers to coordinate and implement a digital health network.
Eight Simple Steps for Doing Effective E-Discovery, By Dennis Kennedy and George Socha, November 2004.
"Beginning November 1, 2004, all criminal case file documents available to the public at a courthouse also will be available remotely through the court's electronic access system." [Link]
Proposed rule, National Archives and Records Administration (NARA), Federal Register, November 3, 2004:
"On October 28, 2004, the Check 21 law (the Check Clearing Act for the 21st Century Act) will take effect. This new law allows banks to replace original paper checks with "substitute checks" that are made from digital copies of the originals. Learn about your rights under Check 21 at:
http://www.federalreserve.gov/paymentsystems/truncation/faqs.htm"
Adoption of e-record technology in the medical community has been a slow process, despite the availability of free hardware and software to facilitate the migration, according to this FCW article. Related Resources as follows:
"The CIO of the Cleveland Clinic Foundation is among the health-industry executives named to an 11-member federal commission to help the nation develop and implement health-IT standards that will serve as the foundation for establishing a system for universal electronic health records." [Link]
NARA prepares for a new era in records management
From the website: "The much-anticipated grand opening of America's first state government digital archives occurred on October 4, 2004...The Washington State Digital Archives is the nation's first archives dedicated specifically to the preservation of electronic records from both State and Local agencies that have permanent legal, fiscal or historical value."
Department of Homeland Security, Office of Inspector General, Office of Technology report: DHS Challenges in Consolidating Terrorist Watch List Information (54 pages, PDF, redacted).
See this article by Anita Ramasastry and my related posting.
Federal Courts Propose Rules for E-Discovery. Related document: Summary of Proposed Amendments to the Federal Rules (PDF) - Aug. 2004.
From today's WSJ, via Yahoo ($), this article, The Doctor Is Online: Secure Messaging Boosts the Use of Web Consultations, merits review. It addresses the issues of privacy, consultation fees and insurance coverage associated with secure messaging systems options now available for doctor-patient communications.
SB 1841 -- an act to add Section 436 to the Labor Code, relating to electronic monitoring of employees, awaits action by Governor Schwarzenegger.
A brief article in the August 26 Wall Street Journal, page B6, raises important questions concerning the security of confidential corporate documents stored on the hard drives of digital copiers, and potentially accessible by hackers if the drives have separate network addresses. From the article: "If a human resources department uses a digital photocopier to record employees' social security or driver's licenses, 'That information is resident on that hard drive,' says Edward McLaughlin, president of Sharp Document Solutions. 'It is something that every financial institution is all over.'"
Anatomy Of Trial Technology: "Trial technologies are all the buzz for legal technologists, early adopters, vendors, and consultants - but have they made it to the main stream practice of law? This article traces availability and use of trial preparation and presentation software, court technology, and more through the most recent ABA Legal Technology Survey Report volume on Courtroom and Litigation Technology." by Catherine Sanders Reach.
From internetnews.com, this article details an update to software of interest to the legal community which facilitates the removal of sensitive information generated during the collaborative preparation of client related documents.
August 3, 2004 press release - National Archives Names Two Companies to Design an Electronic Archives
OCC Advisory Letter on Electronic Record Keeping, June 21, 2004:
From the Reporters Committee for Freedom of the Press, this news of a 2nd Circuit decision (33 pages, PDF) released on June 8, that in part concluded: "We hold that the public and press enjoy a qualified First Amendment right of access to docket sheets. We also hold that the defendant court administrators have the authority to grant access to those docket sheets if the documents were sealed solely in accordance with administrative orders."
City to delete its old e-mail: "After 90 days, messages will be gone from system; Public-records questions raised; Workers will have to find and save official material."
Press release from AIIM: American Companies Fail To Address Retention of Email and Electronic Records - Survey Finds "e-Records" Policies Non-Existent in Almost Half of Companies [Link]
"Nearly half of American companies have not adopted records retention policies for email and other electronic documents, despite the serious issues raised about corporate records keeping over the past two years.
In a new survey of 2,200 records managers, 47 percent said their company does not include electronic records in its retention and destruction schedules. Nearly 6 in 10 companies (59 percent) reported having no formal policy concerning the retention of emails.
Even more disturbing, 46 percent of companies reported having no system for placing holds on records in the event of pending litigation or a regulatory investigation leaving open the possibility that records critical to a legal matter could be destroyed. Moreover, 65 percent said their company's hold order policy, if one existed, did not include electronic records."
Alextronic Discovery: "An Electronic Discovery Blog covering news, articles and thoughts for the legal and corporate community," by Alex Lubarsky. The first posting was 11/09/03. (thanks Ben)
Microsoft issued a download for Office 2003/XP to allow users to "permanently remove hidden data and collaboration data, such as change tracking and comments, from Microsoft Word, Microsoft Excel, and Microsoft PowerPoint files." An important issue in itself, made even more relevant when considered alongside this article by Preston Gralla, published yesterday, about the creation of a purportedly "high-level [UK] intelligence dossier about Iraq" discovered to be "little more than a cut-and-paste job" constructed in Word.
From the January 2004 issue of Law Practice Today: Electronic Document Retention Policies (And Why Your Clients Need Them).
From law.com:
Electronic Discovery and Evidence by Michael R. Arkfeld, with eight chapters on topics that include: the creation and storage of electronic information, Computer Forensics, Experts and Service Bureaus, Discovery and Production Process, and Court Procedural Rules and Case Law.
"The Trademark Trial and Appeal Board (TTAB) of the U.S. Department of Commerce's United States Patent and Trademark Office (USPTO) has expanded the options for electronically filing documents in trademark disputes. Using the Electronic System for Trademark Trials and Appeals (ESTTA) system, parties to a dispute now can file more documents electronically with the TTAB, including requests for extension of time to oppose and notices of opposition. Parties also can use ESTTA to file motions and other documents in inter-partes cases." [Link]
From the USPS:
Chris Jay Hoofnagle, EPIC Deputy Counsel, will present the following paper, Public Records and Privacy (pdf), to the National Conference of Bankruptcy Judges 77th Annual Meeting on October 17. He examines the rights and responsibilities of data collectors and data subjects in the evolving system of online public records.
AP published a list of the 26 (of the 94) district courts that currently provide electronic filing and case management.
This press release from New Hampshire Governor Craig Benson announces the implementation of E-Library Services, which will "enable viewing all agency reports that are generated by the State’s budget, financial and human resource computer systems. All such reports will be viewable in a web-browser by authorized users. The e-Info Library Services will be an official State Archive repository, no longer requiring agencies to archive their own paper copies."
The Eighth Annual AmLaw Tech Survey, September 2003. Survey results were compiled from responses provided by 137 law firms, and address the following categories: document management, docketing & calendaring, spam defense, litigation support, and electronic evidence vendors. Additional information on expenditures related to hardware, software and IT related personnel is provided in another survey titled The Basics. Note that the average law firm technology budget for 2003 is almost $9 million. See also this article from which the survey results are linked: The Client Comes First.
From the September 2003 issue of ABA Law Practice Today, Electronic Discovery: The Top 10 Challenges and Solutions.
BarnesandNoble.com is no longer selling e-books, according to this posting on their website. However, a New York Times article by David D. Kirkpatrick discusses the mid-September launch by Amazon.com of "a searchable online archive with the texts of tens of thousands of books of nonfiction, according to several publishing executives involved." This program is called Look Inside the Book II.
A committee of the Society of American Archivists, in conjunction with various associations representing imaging services providers, is evaluating new standards for a modified form of PDF, called PDF-A (for Portable Document Format Archive), which they propose as an option for the long-term storage of electronic documents.
AP reported that commercial online public records provider ChoicePoint has eliminated its database of "personal information of 65 million voting-age Mexican citizens" following a controversy surrounding the means by which this information was obtained. The company has a contract with the Dept. of Justice, which uses the system for activities associated with homeland security.
Marketplace response to the challenges of preserving digital documents appears to be incorporating a "back to the future" perspective, according to this recent article, Upgrade and Archive: The Ongoing Threat of Data Extinction. The continual push to digitize documents into virtual libraries must be balanced against the critical issues associated with the lifespan of hardware and software. Digital libraries are subject to obsolescence long before print materials and their analog counterparts. For this reason, many librarians have long maintained microfiche and/or microfilm collections, which, it is now apparent, reflected sound judgment and considerable foresight.
cdfreaks.com reports on a study by the Dutch magazine PC-Active involving tests on 30 separate brands of recordable CDs to ascertain whether data and audio tracks saved on the disks were still readable after a 20-month period. The very bad news was that, despite marketing indicating data is stable for up to ten years, many brands cannot be read less than two years after they are recorded. (via Slashdot)
Scalable Exploitation of, and Responses to Information Leakage Through Hidden Data in Published Documents, by Simon Byers, AT&T's Research Labs.
From the Federal Register, July 28, 2003:
U.S. District Judge Royce C. Lamberth last week held the Environmental Protection Agency in contempt for destroying electronic documents in violation of a court order issued as a result of a Freedom of Information Act request. [Link]
Storing e-text for centuries describes the LOCKSS (for "lots of copies keep stuff safe") project for permanent publishing on the Web, which is the brainchild of Stanford University librarian Vicky Reich and researcher David Rosenthal.
From Ken Withers, a Research Associate at the Federal Judicial Center, links to a series of presentations and papers on electronic discovery.
Electronic Records: Management and Preservation Pose Challenges, by Linda D. Koontz, director, information management, before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Reform. GAO-03-936T, July 8.
Two new articles on e-filing that address issues of technology standards, e-courts (there are currently 20 accepting such filings), security, and contracting with service providers:
From the press release: "The U.S. Department of Commerce’s United States Patent and Trademark Office (USPTO) announced today that effective June 30, 2003, all newly filed patent applications will be converted to electronic applications and processed electronically. Additionally, over the next 15 months, the USPTO will scan more than a half million pending applications into the electronic system." See the final rule in the Federal Register here.
Federal Decision Deals With Who Pays the Costs: Judge Shira Scheindlin's ruling in Zubulake v. UBS Warburg, 02 Civ. 1243, U.S. District Court, Southern District of New York, May 13, 2003, "lists seven factors to test in order to determine which side of a case should pay for electronic discovery."
According to this article from the Chronicle of Higher Education, the National Library of Medicine has created and published freely available standards, called the Journal Archiving and Interchange Document Type Definition (DTD), for the uniform digital publication and distribution of journal content.
Scanning Essentials for Your Office reviews applications, costs and options for creating e-records from text, pictures and images.
Tom O'Connor writes about the release of a new e-filing application that is a joint venture between Microsoft and BearingPoint Inc. (formerly KPMG). The service is currently being tested under contract with the state of Texas, and is based on the open-source LegalXML standard.
A follow-up to my posting yesterday on FERC's announcement concerning the temporary removal of Enron e-mails from the agency's database: Judge Melinda Harmon, United States District Court, Southern District of Texas, has "rejected Enron's request for a blanket protective order preventing parties from disclosing discovery documents to the public." This information is via the Reporters Committee for Freedom of the Press.
This United States Patent and Trademark Office proposed rulemaking seeks to implement a "beginning-to-end electronic processing of patent applications." The use of paper in the application process will be replaced by an imaging system to scan all documents and produce digital image files.
Today the Supreme Court ruled in two cases involving Megan's law, one from Connecticut and one from Alaska.
In Smith et al v. Doe et al, No. 01-729, (PDF - appeal in Doe I v. Otte, 259 F.3d 979, C.A. 9, Alaska, 2001) the court upheld the right of states to use the web to post photos of convicted sex offenders. "Alaska's sex offender registration act requires convicted sex offenders to register with the Alaska Department of Public Safety and makes offender information available to the public. The department elected to publish the information on the Internet."
In Connecticut Department of Public Safety v. John Doe, 01-1231 (PDF), the court determined that Connecticut's sex offender registry does not deprive offenders of "a liberty interest" nor violate the due process clause. For background on this case, see this National Conference of State Legislatures site.
See also this Cornell Legal Information Institute webpage that provides separate links to the following HTML documents in Smith v. Doe: Syllabus, Opinion [Kennedy], Concurrence [Thomas], Concurrence [Souter], Dissent [Opinion of Stevens], Dissent [Ginsburg].
This article reviews two applications, RoboPDF 2.0 ($50) and pdfFactory ($50), that offer a low-cost alternative for attorneys currently using Adobe to create database repositories of documents.
From the March 2003 issue of AmLaw Tech, this article covers a customized electronic discovery application called Patterns, developed for Preston Gates, which is described as "a search engine on steroids."
The ABA Law Practice Management Section recently launched a new e-zine, Law Practice Today, that focuses on "law practice marketing, management, technology, and finance." From the February 14 issue, an article by attorney Joseph Kashi, Systematic Discovery and Organization of Electronic Evidence, focuses on how "gaining an early, effective, and systematic approach to your electronic discovery efforts can make or break your case."
This law.com article reviews the two major applications under consideration as standards for electronically archiving court documents: "Portable Document Format (PDF) designed especially for long-term archiving, called PDF-Archive or PDF-A. The second format is Extensible Markup Language (XML)."
The U.S. Court of Appeals for the D.C. Circuit posted the following statement: "As of February 4, 2003, opinions are available as PDF documents to better represent the formatting of the printed slip opinion." Thanks to Donna Cavallini for the link.
The New York City Council has passed, and sent to Mayor Bloomberg for signature, the first bill of its kind for any city or state, requiring online publication of all city agency reports and publications within ten days of issuance. A prior press release is available here.
All documents are to be sent in electronic format to the Department of Records and Information Services (DORIS). Thereafter, they will be made available to the public via the My NYC.gov Portal.
In this article, Companies Are Divided on Providing Online Data, the New York Times examines the growing trend among corporate websites to limit the amount of financial data they make available to investors, who often make corporate sites their first stop when conducting research. While some companies choose to continue to provide a deep archive of financial reports that stretches back to the 1980s (such as Home Depot), many others are limiting the reports they provide to only one or two years, contending there are numerous free and fee-based sources available to obtain such data.
Beginning in 2003, the Federal District Court in New Jersey will switch from snail mail to faxing documents to "consenting parties" as it transitions to the implementation of an e-filing system, according to this law.com article.
On December 18, the SEC proposed: "the mandatory electronic filing of change of beneficial ownership reports required to be filed by officers, directors and principal security holders under Section 16(a) of the Securities Exchange Act of 1934, and Web site posting of such reports by issuers with corporate Web sites."
The U.S. District Court for the Northern District of Georgia issued Standing Order 02-01, Electronic Access to Public Records and Sensitive Information, on October 17, 2002. The document stipulates that effective January 1, 2003, the court "intends to make electronic access to court files available through PACER by imaging documents into the court's computer system."
As I reported in November, the USPTO has undertaken an ambitious plan to transition to a paperless public access system. However, this new agency announcement indicates that there is now a greater understanding of the tremendous challenges inherent in this project, and the need to ensure that paper copies continue to be available to prevent a data gap.
The U.S. District Court, Southern District of New York, issued a press release on December 2 stating its plan to implement a new e-filing and case management system in February 2003.
The California state government learned the hard way the repercussions of not acting swiftly to respond to, secure and disclose that employee personal data was compromised by a wide-scale database hacking operation in April 2002. Fast forward, and their legislature is now the first in the country to pass a law to prevent the fall-out of such future attacks. Their action comes in the form of passage of SB 1386, effective July 1, 2003. It requires "a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person."
This interesting commentary reviews the requirement for document management in the post-Enron and Sarbanes-Oxley Act corporate environment. Destroying corporate documents, via shredding or other "digital" means, can be a criminal act, so increased attention is warranted to how internal documents are stored, shared and deleted.
The U.S. National Archives and Records Administration (NARA) issued guidance detailing the procedures necessary for the transfer of email messages and attachments to the agency.
"'Why Do We Need to Keep This in Print? It's on the Web ...': a Review of Electronic Archiving Issues and Problems," by Dorothy Warner.
According to this New York Times article, Dr. Raymond Lorie, Research Fellow at the IBM Almaden Research Center, has been testing a program to preserve digital documents so that they can be read decades into the future, despite the obvious obstacles of the evolution of hardware and software. A paper he wrote on the topic, titled A Project on Preservation of Digital Data, describes the program as follows: "For data archiving, we propose to save a program P that can extract the data from the bit stream and return it to the caller in an understandable way, so that it may be exported to a new system. The program P is written for a Universal Virtual Computer (UVC). All that is needed in the future for executing P is an interpreter of the UVC instructions. The execution of P in the future will return the data with additional information, according to the metadata (which is also archived)."
For more context and other perspectives on this important issue, see Richard Wiggins' article, Digital Preservation: Paradox & Promise (from the Library Journal, 4/15/2001, reg. req.). Richard also recommends an excellent resource from the National Library of Australia: PADI, Preserving Access to Digital Information. Here you will find links to topical articles, organizations and web sites, policies, strategies and guidelines, projects and cases, and related journals and newsletters.
NARA is facing the daunting task of archiving millions of electronic records for public access, many of which were created using formats that are now obsolete.