E-Records
January 26, 2010
* Ponemon 2009 Annual Study: Cost of a Data Breach

"This 2009 Ponemon Institute 2009 Annual Study: Cost of a Data Breach - Understanding Financial Impact, Customer Turnover, and Preventive Solutions examines the costs incurred by 45 organizations after experiencing a data breach. Results were not hypothetical responses; they represent the cost estimates of activities resulting from the actual data loss incidents. This is the fifth annual survey of this issues. Breaches included in the survey included ranged from approximately 5,000 records to more than 101,000 records from 15 different industry sectors."

January 17, 2010
* Obama White House E-mail Archiving Plan Revealed

Follow up to previous postings on Follow up to previous postings on missing White House emails during Bush administrations, from the National Security Archive: "Pursuant to a settlement reached between the National Security Archive and the White House Executive Office of the President (EOP), the White House today issued a letter describing critical aspects of the EOP unclassified network e-mail preservation and archiving system now used in the White House. Among other specifics, the letter describes:

  • Automated capture and preservation of all e-mail and Blackberry messages sent or received on the EOP’s unclassified network;
  • Documents segregated into component-specific repositories and broad search capabilities that improve the ability to find e-mail records in response to legal or administrative needs;
  • Blocking of access to personal and external Web-based e-mail systems from White House unclassified workstations;
  • Controls against unauthorized deletion of e-mails and an accounting of any deleted e-mails;
  • Systematic emergency recovery backups of the system; and
  • Automatically generated audit reports and system health-check dashboard reports to assist in the identification of problems."

January 11, 2010
* EPIC Posts TSA Documents on Body Scanners

Follow up to previous postings on government implementation of whole body scanning technology at airports, news that EPIC has posted more than 250 pages of documents it obtained in a Freedom of Information Act lawsuit concerning body scanners. The documents, released by the Department of Homeland Security, reveal that Whole Body Imaging machines can record, store, and transmit digital strip search images of Americans. This contradicts assurances made by the TSA. The documents include TSA Procurement Specifications, TSA Operational Requirements, TSA contract with L3, TSA contract with Rapiscan (1), and TSA contract with Rapiscan (2). The DHS has withheld other documents that EPIC is seeking."

December 14, 2009
* CREW, National Security Archive and Obama Administration Settle Lawsuit Over Missing Bush White House Email

News release: "Today, Citizens for Responsibility and Ethics in Washington (CREW) and the National Security Archive (NSA) reached a final settlement of their long-running lawsuits challenging the failure of the Bush White House and the National Archives and Records Administration (NARA) to take any action after confronted with evidence that millions of emails had gone missing from Bush White House servers over a two and one-half year period. The lawsuits followed CREW’s revelation in April 2008 that the White House had discovered the problem in the fall of 2005. Nevertheless, the Bush White House failed to recover or restore the missing emails and knowingly continued to use a broken system for preserving electronic records. Under the terms of the settlement, the Executive Office of the President (EOP) will restore a total of 94 days of missing emails, which will then be sent to NARA for preservation and eventual access under either the Presidential Records Act or the Federal Records Act."

October 20, 2009
* HHS OIG: Medicare Part D Plan Sponsor Electronic Prescribing Initiatives

Medicare Part D Plan Sponsor Electronic Prescribing Initiatives (OEI-05-08-00322), Otober 16, 2009

  • "E-prescribing occurs when a prescriber uses a computer or an electronic hand-held device, such as a personal digital assistant, to write and send a prescription directly to a dispenser. Before a prescriber sends a prescription to a dispenser, he or she can request electronic data regarding patient eligibility, formulary and benefits, and medication history from the patient’s health insurance plan."
  • October 19, 2009
    * Consumer Data Broker ChoicePoint Failed to Protect Consumers' Personal Data

    News release: "ChoicePoint, Inc., one of the nation’s largest data brokers, has agreed to strengthened data security requirements to settle Federal Trade Commission charges that the company failed to implement a comprehensive information security program protecting consumers’ sensitive information, as required by a previous court order. This failure left the door open to a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identify theft. ChoicePoint has now agreed to a modified court order that expands its data security assessment and reporting duties and requires the company to pay $275,000. In April 2008, ChoicePoint (now a subsidiary of Reed Elsevier, Inc.) turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days. After discovering the breach, the company brought the matter to the FTC’s attention."

    October 18, 2009
    * New on LLRX: Using Technology To Estimate, Control And Manage Litigation Document Review Budgets

    Using Technology To Estimate, Control And Manage Litigation Document Review Budgets: Conrad J. Jacoby details approaches and exercises that contribute to a successful process for calculating - and staying within - a realistic budget for a litigation or regulatory document review.

    October 01, 2009
    * New Rules Protect Patients' Genetic Information

    News release: "Individuals’ genetic information will have greater protections through new regulations issued today by the U.S. Departments of Health and Human Services (HHS), Labor, and the Treasury. The interim final rule will help ensure that genetic information is not used adversely in determining health care coverage and will encourage more individuals to participate in genetic testing, which can help better identify and prevent certain illnesses."

    September 13, 2009
    * New on LLRX.com: Legal Implications of Cloud Computing - Part One (the Basics and Framing the Issues)

    Legal Implications of Cloud Computing - Part One (the Basics and Framing the Issues) - Attorney David Navetta contends that there there will be significant financial pressure on organizations to take advantage of the pricing and efficiency of cloud computing, and if attorneys fail to understand the issues ahead of time there is a serious risk of getting "bulldozed" into cloud computing arrangements without time or resources to address some serious legal issues that are implicated.

    August 18, 2009
    * FTC Issues Final Breach Notification Rule for Electronic Health Information

    News release: " The Federal Trade Commission has issued a final rule requiring certain Web-based businesses to notify consumers when the security of their electronic health information is breached. Congress directed the FTC to issue the rule as part of the American Recovery and Reinvestment Act of 2009. The rule applies to both vendors of personal health records – which provide online repositories that people can use to keep track of their health information – and entities that offer third-party applications for personal health records. These applications could include, for example, devices such as blood pressure cuffs or pedometers whose readings consumers can upload into their personal health records. Consumers may benefit by using these innovations, but only if they are confident that their health information is secure and confidential."

    August 17, 2009
    * DOE IG: Protection of the Department of Energy's Unclassified Sensitive Electronic Information

    Audit Report, Protection of the Department of Energy's Unclassified Sensitive Electronic Information - DOE/IG-0818 August 2009:

  • "The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special handling and protection to prevent misuse of the information for inappropriate purposes. Industry experts have reported that more than 203 million personal privacy records have been lost or stolen over the past three years, including information maintained by corporations, educational institutions, and Federal agencies. The loss of personal and other sensitive information can result in substantial financial harm, embarrassment, and inconvenience to individuals and organizations. Therefore, strong protective measures, including data encryption, help protect against the unauthorized disclosure of sensitive information."
  • August 09, 2009
    * Personal Prescription and Medical Data Widely Sold and Distributed

    New York Times, And You Thought a Prescription Was Private : "...in fact, prescriptions, and all the information on them — including not only the name and dosage of the drug and the name and address of the doctor, but also the patient’s address and Social Security number — are a commodity bought and sold in a murky marketplace, often without the patients’ knowledge or permission...

  • See also CDT's Health Privacy Project which states that the organization "will take on key policy questions, including: the proper role of notice and consent, the right of patients to access their own health records in electronic formats, identification and authentication, secondary uses, and enforcement mechanisms. It will address both the traditional exchange of records among providers and payers, as well as new consumer access services and Personal Health Records."
  • July 29, 2009
    * New on LLRX.com - Blackberry Apps for Lawyers

    Blackberry Apps for Lawyers: Nicole Black highlights an assortment of Blackberry applications for research, document management, mobile communications, music, dictation and more - all of which would benefit just about any law practice.

    July 24, 2009
    * New GAO Reports: Combating Gangs, Electronic Records Archive, Federal-Aid Highways, Juvenile Justice
    • Combating Gangs: Better Coordination and Performance Measurement Would Help Clarify Roles of Federal Agencies and Strengthen Assessment of Effort, GAO-09-708, July 24, 2009
    • Electronic Records Archive: The National Archives and Records Administration's Fiscal Year 2009 Expenditure Plan, GAO-09-733, July 24, 2009
    • Federal-Aid Highways: FHWA Has Improved Its Risk Management Approach, but Needs to Improve Its Oversight of Project Costs, GAO-09-751, July 24, 2009
    • Juvenile Justice: Technical Assistance and Better Defined Evaluation Plans Will Help to Improve Girls' Delinquency Program, GAO-09-721R, July 24, 2009
    • Project BioShield Act: HHS Has Supported Development, Procurement, and Emergency Use of Medical Countermeasures to Address Health Threats, GAO-09-878R, July 24, 2009
    • National Transportation System: Options and Analytical Tools to Strengthen DOT's Approach to Supporting Communities' Access to the System, GAO-09-753, July 17, 2009
    • Transportation Security: Key Actions Have Been Taken to Enhance Mass Transit and Passenger Rail Security, but Opportunities Exist to Strengthen Federal Strategy and Programs, GAO-09-678, June 24, 2009
    April 27, 2009
    * New on LLRX.com: E-Discovery in the $50,000 Case

    E-Discovery Update: E-Discovery in the $50,000 Case - Conrad J. Jacoby's focus for this column is smaller legal disputes that may involve electronic evidence, including divorce proceedings and child custody matters, as well as criminal cases, all of which may require review of cell phone call records, SMS and e-mail exchanges.

    February 15, 2009
    * New on LLRX.com - E-Discovery Update: Revisiting ESI Agreements and Court Orders

    E-Discovery Update: Revisiting ESI Agreements and Court Orders - Conrad J. Jacoby focuses on the new requirement that litigants must meet early in a dispute to discuss the scope of discovery work to reach agreement on how best to proceed with the discovery of potentially relevant electronically stored information (“ESI”). What happens, though, when fundamental assumptions used to reach agreement at that early stage in the case turn out to be incorrect?

    February 01, 2009
    * New on LLRX.com: In 2009, Your Lawyers Are Your Best Knowledge Management Resource

    Ahead of the Curve: In 2009, Your Lawyers Are Your Best Knowledge Management Resource - Gretta Rusanow outlines her recommendations on why this year presents an excellent opportunity to work on those long-desired collections of models, best practice documents, sample clauses and know how files.

    January 31, 2009
    * EPIC: House Economic Recovery Bill Includes Privacy Safeguards for Medical Information

    "The American Recovery and Reinvestment Act of 2009, adopted by the House this week, includes strong privacy provisions ("Subtitle D - Privacy") for the proposed medical health network. Among the key provisions: a ban on the sale of health information, audit trails, encryption, rights of access, improved enforcement mechanisms, and support for advocacy groups to participate in the regulatory process. Patient Privacy Rights has expressed support for the legislation. A similar bill, S. 336, is pending in the Senate. Senator Leahy has called for strong safeguards to protect America's health privacy. For more information, see EPIC's page on Medical Privacy."

    January 28, 2009
    * New GAO Reports: Air Sovereignty Alert Operations, Electronic Health Records, Military Training
    • Homeland Defense: Actions Needed to Improve Management of Air Sovereignty Alert Operations to Protect U.S. Airspace, GAO-09-184, January 27, 2009
    • Medicare: Callers Can Access 1-800-MEDICARE Services, but Responsibility within CMS for Limited English Proficiency Plan Unclear, GAO-09-104, December 29, 2008
    • Electronic Health Records: DOD's and VA's Sharing of Information Could Benefit from Improved Management, GAO-09-268, January 28, 2009
    • Military Training: Navy and Air Force Need to More Fully Apply Best Practices to Enhance Development and Management of Combat Skills Training, GAO-09-220R, January 28, 2009
    January 26, 2009
    * Report: Rethinking the Role of Consent in Protecting Health Information Privacy

    News release: "CDT today released a major policy paper intended to move the health privacy debate from its outdated focus on patient consent to a comprehensive framework that will provide more effective privacy protection. CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses."

  • Center for Democracy and Technology - Rethinking the Role of Consent in Protecting Health Information Privacy, January 2009
  • January 07, 2009
    * New GAO Reports: Social Security Administration's Electronic Data Exchanges, Protecting Marine Mammals from Commercial Fishing
    • Information Technology: Demand for the Social Security Administration's Electronic Data Exchanges Is Growing and Presents Future Challenges, GAO-09-126, December 04, 2008: "Through more than 3,000 data exchanges with federal and state agencies, SSA both receives incoming data to support its own programs and provides outgoing data to support programs of other federal and state agencies. Most of these exchanges involve collecting incoming electronic data from other agencies, primarily to support the administration of Social Security benefits programs. The outgoing data from SSA to other federal and state agencies typically provide Social Security number verifications or are used to implement payment offsets in support of other agencies’ business operations. In this regard, the agency performs more than a billion transactions to verify Social Security numbers for federal and state agencies each year."
    • National Marine Fisheries Service: Improvements Are Needed in the Federal Process Used to Protect Marine Mammals from Commercial Fishing, GAO-09-78, December 08, 2008: "Because marine mammals, such as whales and dolphins, often inhabit waters where commercial fishing occurs, they can become entangled in fishing gear, which may injure or kill them - this is referred to as “incidental take.” The 1994 amendments to the Marine Mammal Protection Act (MMPA) require the National Marine Fisheries Service (NMFS) to establish take reduction teams for certain marine mammals to develop measures to reduce their incidental takes. GAO was asked to determine the extent to which NMFS (1) can accurately identify the marine mammal stocks— generally a population of animals of the same species located in a common area — that meet the MMPA’s requirements for establishing such teams, (2) has established teams for those stocks that meet the requirements, (3) has met the MMPA’s deadlines for the teams subject to them, and (4) evaluates the effectiveness of take reduction regulations. GAO reviewed the MMPA, and NMFS data on marine mammals, and take reduction team documents and obtained the views of NMFS officials, scientists, and take reduction team members."
    January 05, 2009
    * New on LLRX: Metadata - What Is It and What Are My Ethical Duties?

    Metadata - What Is It and What Are My Ethical Duties?: Jim Calloway explains why every lawyer needs to understand a few basic things about metadata. He contends that the legal ethics implications of metadata “mining” are no longer just of interest to the lawyers processing electronic discovery, or the ethics mavens.

    January 04, 2009
    * New York Times Editorial - Bush Legacy of Secrecy and Consequences

    Editorial - Exit Stonewalling: "...E-mail messages that have gone suspiciously missing are estimated to number in the millions. These could illuminate some of the administration’s darker moments, including the lead-up to the Iraq war, when intelligence was distorted, the destruction of videotapes of C.I.A. torture interrogations, and the vindictive outing of the C.I.A. operative Valerie Plame Wilson. The deep-sixed history also includes improper business conducted by more than 50 White House appointees via e-mail at the Republican Party headquarters. Historians and archivists are suing the administration. We should be grateful for their efforts. Entire days of e-mail records have turned up conveniently blank at the offices of President Bush and Vice President Dick Cheney."

    January 03, 2009
    * CRS: Presidential Libraries: The Federal System and Related Legislation

    Presidential Libraries: The Federal System and Related Legislation, Updated November 26, 2008.

  • "Through the National Archives and Records Administration, the federal government currently manages and maintains 12 presidential libraries. Inaugurated with the Presidential Libraries Act of 1955, these entities are privately constructed on behalf of former Presidents and, upon completion, are deeded to the federal government. Deposited within these edifices are the official records and papers of the former President, as well as documentary materials of his family and, often, his political associates. These holdings are made available for public examination in accordance with prevailing law concerning custody, official secrecy, personal privacy, and other similar restrictions. This report provides a brief overview of the federal presidential libraries system and tracks the progress of related legislation (H.R. 1254, H.R. 1255,
    H.R. 5811, S. 886)."
  • December 27, 2008
    * Release of Bush White House Data to National Archives Overwhelms Infrastructure

    New York Times: "The National Archives has put into effect an emergency plan to handle electronic records from the Bush White House amid growing doubts about whether its new $144 million computer system can cope with the vast quantities of digital data it will receive when President Bush leaves office on Jan. 20. The technical challenge was an inevitable result of the explosion in cybercommunications, which will make the electronic record of the Bush years about 50 times as large as that left by the Clinton White House in 2001, archives officials estimate. The collection will include top-secret e-mail tracing plans for the Iraq war..."

    December 20, 2008
    * HHS's Leavitt Announces New Privacy Principles, Agency Issues Guidance

    CDT: "HHS Secretary Leavitt announced new key privacy principles for electronic health information exchange. In addition, HHS’s Office of Civil Rights published new HIPAA Privacy Rule guidance, which provides important clarifying information on how the Privacy Rule governs covered entities engaged in electronic health information exchange. For example, it clarifies when covered entities must enter into business associate agreements with health information exchanges; it also makes clear that HIPAA Privacy and Security Rules cover consumer personal health records offered by covered entities. However, the guidance merely encourages the adoption of stronger privacy and security policies consistent with the new principles. CDT calls on Congress and the new Administration to implement a comprehensive, enforceable framework of protections for personal health information that builds public trust and facilitates widespread adoption of health IT."

  • HHS Press Release on Leavitt's Annoucement
  • HIPAA Privacy Rule Guidance Documents
  • December 14, 2008
    * New on LLRX.com: E-Discovery Update - My E-Discovery Holiday Wish List

    E-Discovery Update: My E-Discovery Holiday Wish List - Conrad J. Jacoby's holiday wish is for the legal community to finally develop one or more judicially accepted standards that can be used to craft consistent ways of requesting and producing information. With baseline procedures in place, both producing and requesting parties, as well as judges, will be able to make more informed decisions about the need for discovery and the way in which such discovery should be conducted.

    November 30, 2008
    * Collective Intelligence Tools and Impact on Privacy

    You’re Leaving a Digital Trail. What About Privacy? by John Markoff: "Propelled by new technologies and the Internet’s steady incursion into every nook and cranny of life, collective intelligence offers powerful capabilities, from improving the efficiency of advertising to giving community groups new ways to organize. But even its practitioners acknowledge that, if misused, collective intelligence tools could create an Orwellian future on a level Big Brother could only dream of. Collective intelligence could make it possible for insurance companies, for example, to use behavioral data to covertly identify people suffering from a particular disease and deny them insurance coverage. Similarly, the government or law enforcement agencies could identify members of a protest group by tracking social networks revealed by the new technology."

  • See also: "While people have talked about collective intelligence for decades, new communication technologies—especially the Internet—now allow huge numbers of people all over the planet to work together in new ways. The recent successes of systems like Google and Wikipedia suggest that the time is now ripe for many more such systems, and the goal of the MIT Center for Collective Intelligence is to understand how to take advantage of these possibilities."
  • November 20, 2008
    * New GAO Reports: Freight Congestion, DHS Programs Oversight, Health Information Technology
    • Approaches to Mitigate Freight Congestion, GAO-09-163R, November 20, 2008
    • Department of Homeland Security: Billions Invested in Major Programs Lack Appropriate Oversight, GAO-09-29, November 18, 2008
    • Contract Management: DOD Developed Draft Guidance for Operational Contract Support but Has Not Met All Legislative Requirements, GAO-09-114R, November 20, 2008
    • Health Information Technology: More Detailed Plans Needed for the Centers for Disease Control and Prevention's Redesigned BioSense Program, GAO-09-100, November 20, 2008
    • International Environmental Oversight: U.S. Agencies Follow Certain Procedures Required by Law, but Have Limited Impact, GAO-09-99, November 20, 2008
    November 03, 2008
    * CRS: Presidential Transitions: Issues Involving Outgoing and Incoming Administrations

    CRS Report - Presidential Transitions: Issues Involving Outgoing and Incoming Administrations, October 23, 2008.

  • "The smooth and orderly transfer of power can be a notable feature of presidential transitions, and a testament to the legitimacy and durability of the electoral and democratic processes. Yet, at the same time, a variety of events, decisions, and activities contribute to what some may characterize as the unfolding drama of a presidential transition. Interparty transitions in particular might be contentious. Using the various powers available, a sitting President might use the transition period to attempt to secure his legacy or effect policy changes. Some observers have suggested that, if the incumbent has lost the election, he might try to enact policies in the waning months of his presidency that would “tie his successor’s hands.” On the other hand, a President-elect, eager to establish his policy agenda and populate his Administration with his appointees, will be involved in a host of decisions and activities, some of which might modify or overturn the previous Administration’s actions or decisions."
  • September 22, 2008
    * Court Orders VP Cheney to Preserve Documents in Citizens Group Lawsuit

    Follow up on postings related to the White House visitor logs, this news release: "U.S. District Court Judge Colleen Kollar-Kotelly issued a preliminary injunction in CREW, et al. v. Cheney et al., requiring Vice President Cheney, the Office of the Vice President, the Executive Office of the President, that archivist and the National Archives and Records Administration to preserve all vice presidential records, broadly defined to encompass all records relating to the vice president carrying out his constitutional, statutory or other official or ceremonial duties."

    September 15, 2008
    * New on LLRX.com: Commentary on New FBI Anti-Terror Guidelines

    Commentary: New FBI Anti-Terror Guidelines - Beth Wellington's commentary focuses on congressional and public response to the guidelines, related public surveillance actions, and on ramifications to civil liberties now and in future.

    September 09, 2008
    * Treatment of Agency Records Maintained For an Agency By a Government Contractor for Purposes of Records Management

    DOJ FOIA Post: "In light of Section 9 [Section 9 amends 5 U.S.C. § 552(f), the definitions provision of the FOIA, by including in the definition of “record” any information “maintained for an agency by an entity under Government contract, for the purposes of records management.” This provision makes clear that records, in the possession of Government contractors for purposes of records management, are considered agency records for purposes of the FOIA] of the OPEN Government Act, it is important for agencies to ensure that their searches for records in response to FOIA requests include any potentially responsive agency records that may be in the possession of an entity under contract with the agency for purposes of records management. Any agency employing such a government contractor to manage or store its records must institute appropriate procedures to allow it to search for and identify agency records that may be responsive to a FOIA request that are in the possession of that records management-contractor. Given that the clear intent of this provision is to clarify that the location of the agency records in the hands of the contractor for records management purposes does not remove the records from the scope of the FOIA, such records must be capable of being searched in response to FOIA requests. If responsive agency records are located in the possession of the records management-contractor, they should be forwarded to the appropriate FOIA office within the agency for processing. Such records must be identified and handled by the agency just as if they had been in the possession of the agency in the first instance."

  • Related FOIA Facts by Scott A. Hodes on LLRX.com
  • September 04, 2008
    * New on LLRX.com - E-Discovery Update: Producing Spreadsheets in Discovery

    E-Discovery Update: Producing Spreadsheets in Discovery – 2008

  • In spite of great financial investment to produce these documents in a way that satisfies competing litigation needs of authenticity and full native functionality, litigants continue to disagree on a production format for these documents, according to Conrad J. Jacoby.
  • August 25, 2008
    * CDT: Limits Needed On DHS Border Crossing and Driver Information Databases

    CDT: "In comments filed with the Department of Homeland Security today, CDT highlighted privacy concerns implicated by DHS' new system of databases to record personal information and border crossing history. CDT called on DHS to reduce the 15-year period for retaining records of the date, time and place an American re-enters the United States at the land borders, and to limit the vast array of "routine uses" for which that data can be shared with other government agencies, foreign governments, and the public. In related comments, CDT urged DHS to work with states and other issuers of new "enhanced drivers licenses" to provide the department with access only to personal information about drivers crossing the border rather than information about all those holding EDLs, and to ensure that states do not create their own records of drivers' border crossing activities."

    August 24, 2008
    * Court Files: Personal Data Identifiers May Not Be Part of the Record

    The Third Branch: "To protect the privacy of litigants, the Federal Rules of Practice and Procedure require that certain personal data identifiers be modified or partially redacted from federal court case files. These identifiers are Social Security numbers, dates of birth, financial account numbers, and names of minor children, and in criminal cases, also home addresses. In all cases, it is the responsibility of the attorney and the parties in the case to redact personal identifiers...

    Many courts, such as the District of Arizona and the Northern District of California, have posted information to their websites on effective redaction techniques. For a look at their tips, visit their websites at: https://ecf.cand.uscourts.gov/cand/faq/tips/redacting.htm or http://www.azd.uscourts.gov/azd/cm-ecf.nsf/docview/files/$file/redaction.pdf"

    July 28, 2008
    * New GAO Reports: Tax Expenditures, Electronic Health Records, Bankruptcy Reform, Prescription Drug Oversight, Financial Audit Manual
    • Telecommunications: Agencies Are Generally Following Sound Transition Planning Practices, and GSA Is Taking Action to Resolve Challenges, GAO-08-759, June 27, 2008
    • Tax Expenditures: Available Data Are Insufficient to Determine the Use and Impact of Indian Reservation Depreciation, GAO-08-731, June 26, 2008
    • Electronic Health Records: DOD and VA Have Increased Their Sharing of Health Information, but More Work Remains, GAO-08-954, July 28, 2008
    • Bankruptcy Reform: Dollar Costs Associated with the Bankruptcy Abuse Prevention and Consumer Protection Act of 2005, GAO-08-697, June 27, 2008
    • Prescription Drugs: FDA's Oversight of the Promotion of Drugs for Off-Label Uses, GAO-08-835, July 28, 2008
    • DOD Business Systems Modernization: Key Marine Corps System Acquisition Needs to Be Better Justified, Defined, and Managed, GAO-08-822, July 28, 2008
    • Financial Audit Manual: Volume 1, July 2008, GAO-08-585G, July 25, 2008
    • Financial Audit Manual: Volume 2, July 2008, GAO-08-586G, July 25, 2008
    July 26, 2008
    * New GAO Reports: Government Performance, Public Transportation, Processing Nuclear Material, USPS,
    • Government Performance: 2007 Federal Managers Survey on Performance and Management Issues: (GAO-08-1036SP, July 2008), an E-supplement to GAO-08-1026T, GAO-08-1036SP, July 24, 2008
    • Government Performance: Lessons Learned for the Next Administration on Using Performance Information to Improve Results, GAO-08-1026T, July 24, 2008
    • Nuclear Material: DOE Needs to Take Action to Reduce Risks Before Processing Additional Nuclear Material at the Savannah River Site's H-Canyon, GAO-08-840, July 25, 2008
    • Public Transportation: Improvements Are Needed to More Fully Assess Predicted Impacts of New Starts Projects, GAO-08-844, July 25, 2008
    • State Department: Comprehensive Strategy Needed to Improve Passport Operations, GAO-08-891, July 25, 2008
    • U.S. Postal Service: USPS Has Taken Steps to Strengthen Network Realignment Planning and Accountability and Improve Communication, GAO-08-1022T, July 24, 2008
    July 25, 2008
    * Annual Report to Congress on the Information Sharing Environment

    "This second Annual Report to the Congress on the Information Sharing Environment (ISE) describes the state of the ISE, highlights areas where there has been measurable progress in improving information sharing, and demonstrates the value of the ISE to the Nation's broader counterterrorism (CT) mission. In particular, the President's October 2007 National Strategy for Information Sharing (NSIS) reinforced the importance of information sharing as a national priority. The NSIS integrates all prior terrorism-related information sharing policies, directives, plans, and recommendations, and provides a national framework against which to implement the ISE. While the complexity of the information sharing challenge should not be underestimated, significant progress has been made. This report addresses progress in information sharing to date, while revealing how the paradigm of information sharing—and the ISE in particular—has broadly permeated our institutions of government."

    July 24, 2008
    * CBO: Evidence on the Costs and Benefits of Health Information Technology

    Evidence on the Costs and Benefits of Health Information Technology
    July 24, 2008 - Testimony before the Subcommittee on Health, Committee on Ways and Means, U.S. House of Representatives.

  • "This Congressional Budget Office (CBO) analysis focuses on evidence about the benefits and costs of health IT and identifies and analyzes barriers to its adoption. Research indicates that in certain settings, health IT appears to make it easier to reduce health spending if other steps in the broader health care system are also taken to alter incentives to promote savings. By itself, the adoption of more health IT is generally not sufficient to produce significant cost savings."
  • July 20, 2008
    * New on LLRX.com: Sex Offender Residency Restrictions, Lessons From An E-Discovery Disaster
    • Criminal Justice Resources: Sex Offender Residency Restrictions - Ken Strutin's guide collects recent court decisions, research papers and reports that have addressed the efficacy of exclusionary zoning laws and the impact of these restrictions on sex offenders reentering their communities. Published July 20, 2008
    • E-Discovery Update: Lessons From An E-Discovery Disaster - Conrad J. Jacoby examines the recent case of Southern New England Telephone Company (“SNET”) v. Global NAPS, Inc. as an example of how stonewalling and committing perjury, especially with respect to electronic discovery matters that can be independently validated, remains a poor litigation strategy. Published July 20, 2008
    July 10, 2008
    * NASCIO Report: State CIOs and Electronic Records

    "The National Association of State Chief Information Officers (NASCIO) is pleased to announce the release of its research brief, Ready for the Challenge? State CIOs and Electronic Records. The brief is a product of NASCIO's Electronic Records and Digital Preservation Working Group and may be found online. States continue to struggle with new challenges presented by a growing portfolio of electronic records and digital content that must be preserved. Within this context, the issue of electronic records (e-records) management has emerged as a high-priority policy and technology issue for state CIOs. This issue is now driven by emerging trends such as new Web 2.0 collaboration tools that create e-records in forms that are transitory, yet still document the business of government. The importance of the subject is driven by vulnerability of essential e-records during disasters and a growing emphasis on transparency and accountability in state government, including online public access to records on spending, performance, procurements, and contracts."

    July 02, 2008
    * New on LLRX.com

    E-Discovery Update: Precision, Accuracy, and Relevance - Conrad J. Jacoby discusses the challenges and ramifications inherent in an evironment where litigants have increasingly come to rely on computerized search queries rather than free-form document review to identify potentially relevant documents. — Published June 30, 2008

    June 30, 2008
    * Biometric Palm-reading system implemented to secure patient records

    Bryn Nelson, MSNBC, Giving biometrics a hand: "An electronic palm reader is helping one of the largest healthcare systems in the U.S. and several banks in Japan divine the true identities of their patients and customers. The key? A near-infrared camera that captures each person’s unique palm vein pattern, or template."

    June 28, 2008
    * SSA OIG: Benefit Payments in Instances Where the Social Security Administration Removed a Death Entry from the Beneficiary's Record

    OIG, Social Security Administration, Benefit Payments in Instances Where the Social Security Administration Removed a Death Entry from the Beneficiary's Record, A-06-07-27156, 06/19/08: "The DMF [Death Master File] is a publicly available database maintained by SSA that contains detailed information on more than 82 million deceased numberholders. Each year, SSA receives death reports for more than 2.5 million individuals and adds the information to the DMF. As depicted on the chart below, SSA receives most death reports from funeral homes or friends/relatives of the deceased. SSA considers such first party death reports to be verified and immediately posts them to the DMF.

    Other sources of death reports include States and other Federal agencies, as well as postal authorities and financial institutions. SSA posts nonbeneficiary information to the DMF without verification. However, if these reports indicate an SSA beneficiary died, SSA may perform additional verification before terminating benefits or posting the death entry to the DMF. Verification of death means that an acceptable reporter (usually someone in the person's home, a representative payee, a doctor, or hospital) agrees that the person is deceased and corroborates the date of death, if necessary.

    The accuracy of death data is a highly sensitive matter for SSA. Erroneous death entries can lead to benefit termination and result in severe financial hardship and distress to the beneficiary/recipient. Conversely, the removal of legitimate death entries could allow for the authorization and payment of fraudulent benefits.

    In instances when death reports are posted in error, SSA deletes the death entry from the DMF ("resurrect" the record) and, when applicable, reinstates benefit payments. SSA employees may only process transactions to resurrect a record when presented with proof the original death entry was posted in error. Unless the mistake resulted from an administrative error, the resurrection transaction should not be processed before completion of a face-to-face interview with the beneficiary or recipient. To validate the integrity of these transactions, SSA requires that two employees be involved in the process. SSA also requires that employees document the events leading to and facts supporting the transaction.

    Since January 2004, SSA has provided us with electronic files containing updates made to the DMF, including instances when individual records were removed from the DMF. Preliminary analysis of these files indicated that, from January 2004 through April 2007, SSA deleted more than 44,000 individuals' death entries from the DMF. SSA records indicated 20,623 of these individuals were in current payment status on or after April 27, 2007 and received approximately $17.2 million in monthly SSA benefit payments."

    June 26, 2008
    * The Common Framework for Networked Personal Health Information: Overview and Principles

    "The framework below proposes a set of practices that, when taken together, encourage appropriate handling of personal health information as it flows to and from personal health records (PHRs) and similar applications or supporting services. Click on the individual documents below to read descriptions and to view or download them as PDF documents. Or, download the entire Common Framework in PDF. The Common Framework for Networked Personal Health Information: Overview and Principles provides background on the documents and how they relate to each other. All resources are available free of charge.

    June 04, 2008
    * HHS ONC-Coordinated Federal Health IT Strategic Plan

    The ONC [Office of the National Coordinator for Health Information Technology] Coordinated Federal Health Information Technology Strategic Plan: 2008-2012 - Using the Power of Information Technology to Transform Health and Care.

    "The Plan has two goals, Patient-focused Health Care and Population Health, with four objectives under each goal. The themes of privacy and security, interoperability, IT adoption, and collaborative governance recur across the goals, but they apply in very different ways to health care and population health."

    May 31, 2008
    * Google Health Now Available for Public Use

    "...get access to and manage all of your personal health information online...This would help you keep your doctors and family members up-to-date on important medical conditions and current medications. Well, after a successful pilot with the Cleveland Clinic, we've opened up Google Health to everyone in the U.S. It's easy to sign up, and free to use. All you need is a Google username and password. You can import your medical records and prescription history from our partners — well-known brands such as Walgreens, Longs Drugs and Quest Diagnostics."

  • Google Health Privacy Policy
  • May 29, 2008
    * Guidance for Homeland Security Presidential Directiv 12 Implementation

    Guidance for Homeland Security Presidential Directive (HSPD) 12 Implementation (May 23 2008) (4 pages): "This document serves as a guideline to assist agencies in preparing or refining plans for incorporating the use of Personal Identity Verification (PIV) credentials, to the maximum extent practicable, with physical and logical access control systems."

    May 27, 2008
    * A Strategy for Openness: Enhancing E-Records Access in New York State

    Government Technology: "The New York State Office for Technology and the New York State Archives, a program of the State Education Department, issued a report last week that examines how the state can provide choice, interoperability and vendor neutrality in electronic document creation while ensuring electronic records are preserved and remain accessible. A Strategy for Openness: Enhancing E-Records Access in New York State makes recommendations to promote openness and transparency aimed at ensuring public records remain free from being locked into proprietary systems and software applications."

    May 21, 2008
    * White House Memo on Designation and Sharing of Controlled Unclassified Information

    Memorandum For The Heads Of Executive Departments And Agencies. SUBJECT: Designation and Sharing of Controlled Unclassified Information (CUI), May 21, 2008.

  • "This memorandum (a) adopts, defines, and institutes "Controlled Unclassified Information" (CUI) as the single, categorical designation henceforth throughout the executive branch for all information within the scope of that definition, which includes most information heretofore referred to as "Sensitive But Unclassified" (SBU) in the Information Sharing Environment (ISE), and (b) establishes a corresponding new CUI Framework for designating, marking, safeguarding, and disseminating information designated as CUI. The memorandum's purpose is to standardize practices and thereby improve the sharing of information, not to classify or declassify new or additional information."

  • Related GAO Report: The Federal Government Needs to Establish Policies and Processes for Sharing Terrorism-Related and Sensitive but Unclassified Information, March 2006
  • May 18, 2008
    * EPIC, Technical Experts, Legal Scholars, and Civil Liberties Organizations Urge Accuracy In Police Databases

    "EPIC filed a "friend of the court" brief (pdf) in the United States Supreme Court, urging the Justices to ensure the accuracy of police databases. The brief was filed on behalf of 27 legal scholars and technical experts and 13 privacy and civil liberty groups. In Herring v. US, the Court will be asked to determine whether an arrest based on inaccurate information in a criminal justice database should be upheld. EPIC explained how government databases are becoming increasingly unreliable, according to the government's own studies and urged the Court to “ensure an accuracy obligation on law enforcement agents who rely on criminal justice information systems.” The amici warned that, “to permit a good faith reliance on data that is inaccurate, incomplete, or out of date will actually exacerbate the problem and increase the likelihood of unfair treatment in the criminal justice system.” See EPIC page on Herring v. US

    May 16, 2008
    * Health Data Systems Need A Comprehensive Privacy and Security Framework

    "CDT's Health Privacy Project today released a paper urging policymakers and the private sector to develop and implement a comprehensive privacy and security framework to govern the wide range of computer and Internet-based systems being created to share sensitive health information. The paper examines the key issues confronting the adoption of information technology in the health care field and offers suggestions on policies and business practices that will protect patient rights while facilitating the kinds of information sharing that can reduce costs and improve care."

  • HPP Policy Framework Document [PDF] May 15, 2008
  • May 11, 2008
    * New on LLRX.com
    April 06, 2008
    March 26, 2008
    * National Committee on Vital and Health Statistics Report Issued

    National Committee on Vital and Health Statistics, 2005-2006. February 2008 37 pp. (PHS) 2008-1205

  • "This report is the latest in a series of periodic reviews of the work of the National Committee on Vital and Health Statistics (NCVHS), the statutory public advisory committee on health information policy to the Secretary of the U.S. Department of Health and Human Services (HHS). During this 2-year period, the Committee produced recommendations on privacy issues in the Nationwide Health Information
    Network (NHIN); functional requirements for the NHIN; improvements to data on race, ethnicity, and language; personal health records and systems; multiple Health Insurance Portability and Accountability Act (HIPAA), Consolidated Health Informatics (CHI), and e-prescribing standards; quality measurement; and reflections on lessons learned from the first 10 years of HIPAA."
  • March 23, 2008
    * Paperless Existence Still an Illusion - At Work and at Home

    Still Seeking a Truly Digital Life - Analysis: "The French call it 'dematerialization' but the search for a paperless existence continues to elude even technophiles." Peter Sayer, IDG News Service.

    March 21, 2008
    * White House Discloses Destruction of Computer Hard Drives

    Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act, news today from AP: "Older White House computer hard drives have been destroyed, the White House disclosed to a federal court Friday in a controversy over millions of possibly missing e-mails from 2003 to 2005. The White House revealed new information about how it handles its computers in an effort to persuade a federal magistrate it would be fruitless to undertake an e-mail recovery plan that the court proposed."

    February 27, 2008
    * A Legal and Policy Analysis - Personal Health Records: Why Many PHRs Threaten Privacy

    The World Privacy Forum - A Legal and Policy Analysis - Personal Health Records: Why Many PHRs Threaten Privacy, Prepared by Robert Gellman for the World Privacy Forum, February 20, 2008

  • "This document offers a legal and policy analysis of the privacy consequences for consumer health information stored on or by Personal Health Records systems that are not subject to the HIPAA health privacy rule. This document does not analyze the potential of PHRs for affecting the cost of health care in general. Unless specifically noted in the text, the term PHR in this document refers to PHR records and systems that are not subject to HIPAA."
  • February 10, 2008
    * Move to Paperless Homes May Also Increase Energy Use

    New York Times: Pushing Paper Out the Door, by Hannah Fairfield

  • "A paperless world isn’t automatically a boon for the environment, though. While these digital toys reduce dependence on one resource, they increase it on another: energy. Some devices are always plugged in, eating electricity even when not in use, and gobbling huge amounts of power when they are. Others, like digital cameras and laptop computers, use electricity while they are recharging."

  • Graphic of global trail of paper use
  • * Health Care Reform: CED Releases Harnessing Openness to Transform American Health Care

    "The Committee for Economic Development (CED)...released a new report – Harnessing Openness to Transform American Health Care (94 pages, PDF) – that focuses on how to improve health care by giving people more access to information and making the information more responsive to their contributions. The report touches on the entire production system for health care from biomedical research to clinical trials to electronic health care records and patient/doc interactions. It also addresses open access publishing of research results and access to clinical trial data, openness in public health, the impact of greater openness on approval of medical devices, and open models of innovation. The report was prepared by CED's Digital Connections Council (DCC). The DCC is a group of information technology experts from CED-affiliated companies established to advise CED on the policy issues associated with the digital economy and emerging technologies. This report follows the late 2007 release of CED’s report, Quality, Affordable Health Care For All: Beyond The Employer-based Health-insurance System, which includes findings and recommendations on health care reform from CED."

    February 04, 2008
    * GPO Authenticates Federal Budget by Digital Signature

  • Press release: "The U.S. Government Printing Office (GPO) authenticates the first-ever online Federal Budget by digital signature. The visible digital signature on an online PDF document serves the same purpose as handwritten signatures or traditional wax seals on printed documents. This signature assures the public that the document has not been changed or altered. A digital signature, viewed through the GPO Seal of Authenticity, verifies the document’s integrity and authenticity."
  • January 29, 2008
    * Opportunity for public comment on the accuracy of credit reports

    World Privacy Forum: "Consumers and organizations have an opportunity to submit public comments about the accuracy and integrity of credit reports. Until February 11, the Federal Reserve Board, the Federal Trade Commission and other banking agencies will be accepting comments on their draft rulemaking regarding how creditors and other furnishers provide information to consumer reporting agencies, and which types of direct disputes they must handle. This proposed rulemaking is a key one; it defines what accuracy and integrity of information provided to consumer reporting agencies means, how disputes may be handled directly with the furnishers, and which types of direct disputes furnishers may ignore. The NCLC, Consumer's Union, and the World Privacy Forum have written a sample letter that may be downloaded and used or modified for the comments. To file your letter, submit your comments to the Board of Governors of the Federal Reserve System by mailing the comments to regs.comments@federalreserve.gov with the subject line "Docket No. R–1300."

  • See the Sample Letter

  • See the FTC's Notice of Proposed Rulemaking
  • January 24, 2008
    * Sensitive Data Retrieved From Used Government Tapes

    Press release: "Congresswoman Betty McCollum (MN-04), has sent a letter to the Government Accountability Office asking that it reopen its investigation of the privacy and national security risks posed by government agencies reselling used magnetic data tapes that may once have contained large amounts of sensitive personal and government information. Researchers working for Imation, an Oakdale, MN-based corporation that produces magnetic data tapes, were able to recover a wide range of sensitive information from used data tapes that were supposedly wiped clean before being re-sold. Using readily available equipment and information, Imation investigators found out where the tapes originated and recovered bank account numbers, expense reports, employee tax and benefit information, and other sensitive data."

    * Coalition for Patient Privacy: Resources for Consumers

    Coalition for Patient Privacy: "Our mission is to ensure that Americans control all access to their health records."

  • "National Committee on Vital and Health Statistics report, Enhanced Protections for Uses of Health Data: A Stewardship Framework for 'Secondary Uses' of Electronically Collected and Transmitted Health Data. The report recommends that Americans have NO control over access to their electronic health information."

  • Patient Privacy Toolkit: Privacy Instructions: Give to all Providers; How to Talk to Your Doctor; Your Health Privacy Rights; Health Privacy Complaint Form to HHS
  • January 18, 2008
    * Chairman Waxman Schedules Hearing to Examine Preservation of White House E-mails

    Follow up to previous postings on missing White House emails, from the House Oversight Committee: "On February 15, the Committee will hold a hearing to investigate White House compliance with the Presidential Records Act. Statements made at the January 17 White House press briefing contradict information provided to the Committee, which revealed that a 2005 White House analysis found no archived mail for hundreds of days between 2003 and 2005. The following officials have been invited to testify: Fred Fielding, Counsel to the President; Alan Swendiman, Director, Office of Administration; Allen Weinstein, Archivist of the United States."

  • Letter to Fred Fielding

  • Letter to Allen Weinstein

  • White House Press Briefing by Tony Fratto for January 17, 2008: "...I'm saying we have no evidence that shows that anything at all is missing. And you're saying, well, have you found the missing emails -- and we say we have no evidence that anything is missing..."
  • January 14, 2008
    * Growing Concerns About Preservation of Presidential Records

    New Questions Raised About White House Records Preservation: "In letters to the White House and the National Archives, House Oversight Chairman Waxman asks whether the White House has preserved its records according to the obligations of the Presidential Records Act, and what the White House has done to prepare for the transition of presidential records to the Archives in January 2009."

    Documents and Links

  • Letter to Allen Weinstein, Archivist of the United States
  • Letter to Fred Fielding, White House Counsel

  • Government Executive: "By Feb. 1, the National Archives and Records Administration and the White House must provide congressional watchdogs with an update on preparations for the transition of all presidential records to the National Archives by January 2009. Concerns over progress might be well-founded: Proper handling of electronic documents, the need to identify and centralize pertinent records, and the sheer volume of information all leave the White House with a mammoth project on its hands."

  • January 12, 2008
    * British Educational Communications and Technology Agency Report on Windows Vista and Microsoft Office 2007

    Press release: "Becta [British Educational Communications and Technology Agency], the education technology agency, has published a key report on Microsoft Vista and Office 2007 and on document interoperability which analyses the suitability of both software packages for adoption by schools and colleges."

  • Microsoft Vista and Office 2007: full report, Published: 9 January 2008, Publication ID: BEC1-15529, 40 pages, PDF
  • December 31, 2007
    December 28, 2007
    * Proofpoint Reports Spam Email Trends for November 2007

    Press release: "Proofpoint, Inc., the leading provider of unified email security and data loss prevention solutions, today reported spam trends for data collected during the month of November 2007, finding that, on average, spam continues to represent nearly 90% of the total email volume received by large enterprises. Attachment-based spam made a comeback with the prevalence of image-based spam, PDF spam and Microsoft Word document spam all increasing over October levels."

    December 12, 2007
    * Privacy, Public Access and Policymaking in State Redaction Practices

    Government Technology: "A new white paper designed to help public officials develop policies for removing Social Security numbers and other sensitive information from public documents is now available online. The National Association of Secretaries of State (NASS), in collaboration with the National Electronic Commerce Coordinating Council (eC3), today released a joint white paper on redaction entitled Privacy, Public Access & Policymaking in State Redaction Practices. Developed with input from leading experts in government, academia and the private sector, the paper is the first national report specifically written for state and local leaders coping with data security issues in public records."

    December 03, 2007
    November 28, 2007
    * Report - The Search is On: State CIO Starting Points for E-Discovery

    National Association of State Chief Information Officers - The Search Is On: State CIO Starting Points for E-Discovery
    November 2007
    : "In its September 2007 Issue Brief entitled Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery!, NASCIO raised the importance of State CIO involvement in e-discovery and the need for collaborative state electronic records management activities to properly address e-discovery requests. In this follow-up Research Brief, NASCIO provides starting points for State CIOs to improve the state’s ability to successfully address legal requests for electronic information.

    Topics include:

  • Getting Started on Electronic Records Management

  • Managing an Electronic Records Management Initiative

  • The Role of Records Retention Schedules · The Challenge of Retrieving Electronic Information

  • Electronic Records Management Training and Awareness for State Employees

  • November 21, 2007
    * UK Government Loses Personal Data on 25 Million Citizens

    20 November 2007, Statement to the House of Commons by Chancellor of the Exchequer, Alistair Darling, MP, on HMRC

  • "With your permission Mr Speaker I should like to make a statement on the breach of procedures which led to missing personal data relating to child benefit from Her Majesty's Revenue and Customs...The National Audit Office - which is independent of Government, but answerable to Parliament - has a right to ask for and access data from HMRC in discharging its compliance responsibilities. In March of this year it appears that a junior official within HMRC provided the National Audit Office with a full copy of HMRC's data in relation to the payment of child benefit [The missing information contains details of all child benefit recipients: records for 25 million individuals and 7.25 million families. These records include the recipient and their children's names, addresses and dates of birth, it includes Child Benefit numbers, National Insurance Numbers, and, where relevant, bank or building society account details]. In doing so it is clear that the strict rules governing HMRC standing procedures were not followed. These procedures relate to the security and access to data as well as its transit to ensure that data is properly protected. This information should not have been handed over by HMRC in the way that it was. However, I understand that in this case the NAO subsequently returned all the information it received in March to HMRC after auditing it. It now appears that following a further request from the NAO in October for information from the Child Benefit database, and again at a junior level and again contrary to all HMRC standing procedures, two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the NAO, by HMRC's post system operated by the courier TNT. The package was not recorded or registered. Mr Speaker, it appears the data has failed to reach the addressee in the NAO. Mr Speaker, I also have to tell the House that on finding that the package had not arrived at the NAO, a further copy of this data was sent, this time by registered post, and which did arrive at the NAO. However, again HMRC should never have let this happen. Although it is believed the data was sent from HMRC to the NAO on 18 October, the fact it did not arrive it was not reported to HMRC's senior management until 8 November, nearly 3 weeks later. I was informed on Saturday 10 November and immediately instructed that comprehensive searches be carried out of all premises where the missing data might be found. These searches are continuing...On Monday 12 November HMRC informed me that evidence might have had been found of the route taken by the data and that the data was likely to be found. However, by Wednesday 14 November it was clear to me that the HMRC searches had failed to find them. I therefore instructed the Chairman of HMRC to call in the Metropolitan Police to conduct a full investigation in order to find the missing package."
  • October 28, 2007
    * Archive Seeks to Discover Full Extent of Missing E-Mails at White House

    Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act: "The National Security Archive filed a motion on Friday, October 26, seeking expedited discovery against the Executive Office of the President to find out what e-mails are missing from the White House e-mail system or backup tapes. Archive General Counsel Meredith Fuchs explained, “The pressing need for the information arises out of troubling representations by the EOP and its components about its document preservation obligations and the location of its backup tapes. We need information so we can take steps to preserve all possible sources of e-mails deleted from the White House servers.” Also on Friday, a similar motion was filed in a virtually identical lawsuit brought by Citizens for Responsibility and Ethics in Washington (CREW) on September 25, 2007.

    The Archive filed this case on September 5, 2007, against the Executive Office of the President (EOP) and its components seeking to recover at least 5 million federal e-mail records improperly deleted by the EOP. After the government failed to provide adequate assurances that backups and copies of the missing e-mail would be preserved throughout this litigation, on October 11, 2007, CREW filed a motion for a temporary restraining order against the White House defendants in its case. A hearing in CREW’s case was held before Magistrate Judge Facciola on October 17, 2007. Magistrate Judge Facciola issued a Report and Recommendation on October 19, 2007, advising the Court to grant a temporary restraining order. The government has filed objections to Magistrate Judge Facciola’s Report and Recommendation, and CREW has responded to the government’s objections."

    September 06, 2007
    * Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery

    NASCIO - Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery, September 2007: "In increasingly consolidated state technology environments, State CIOs may have heightened responsibility for the storage, preservation and retrieval of electronic information in response to e-discovery requests. Since government information is a knowledge asset, State CIOs must ensure the proper management of state information assets in addition to the technological infrastructure for locating and retrieving that information. This issue brief explains the impact for State CIOs of e-discovery requests and encourages State CIOs to pursue a holistic approach to enterprise records management as part of a team of state government stakeholders, including state legal counsel, archivists, records managers, and agency business leaders."

    August 18, 2007
    * The Challenge of Electronic Discovery: How Reference Service, Records Management and Litigation Support Interact

    Materials from PLL Programs at AALL 2007 - The Challenge of Electronic Discovery: How Reference Service, Records Management and Litigation Support Interact, Speakers: John Montaña, Esq., PelliGroup, Inc. and Rachelle L. DeGregory, Esq., LexisNexis [PowerPoint document]

    July 26, 2007
    * Public Comments On National Disaster Medical System and Privacy Issues

    "The World Privacy Forum has filed public comments with the Department of Health and Human Services requesting that its new National Disaster Medical System protect all patient information to at least the baseline protections that HIPAA affords, including the HIPAA security and privacy protections. Currently, the new system does not do this, even though the system is housed at HHS, the agency which promulgated the HIPAA standards. The National Disaster Medical System currently contains overbroad routine uses which could potentially result in significant privacy and even public health issues. For example, public health information will not be able to be disclosed under the National Disaster Medical System as the system is currently organized. Additionally, some of the current routine uses in the system would authorize disclosures that would be illegal under HIPAA. For example, Congressional disclosure of a HIPAA record requires a written authorization, something the new system does not require. Read the comments (PDF)."

    July 25, 2007
    * Electronic Records Management and Digital Preservation: Protecting the Knowledge Assets of the State Government Enterprise

    Electronic Records Management and Digital Preservation: Protecting the Knowledge Assets of the State Government Enterprise, PART II: Economic, Legal, and Organizational Issues, July 2007

  • "NASCIO continues its series on electronic records management and digital preservation with Part II which focuses on economic, legal, and organizational issues and recommended actions for State CIOs. Part II builds on the theme that the state CIO and the state enterprise architect will need to view electronic records management and digital preservation as disciplines that comprise an enterprise architecture domain. Partnering with the state’s archivists, librarians, and records managers to fully leverage their expertise will help ensure the state’s knowledge assets are managed for value with a long term view. eDiscovery and offshoring present significant challenges to the state enterprise. CIOs will need to build their awareness of these subject areas and author necessary compliance and risk management strategies."

  • Electronic Records Management and Digital Preservation: Protecting the Knowledge Assets of the State Government Enterprise, PART I: Background, Principles and Action for State CIOs, May 2007
  • July 21, 2007
    * Personal Health Data Processed by DOD Contractor Compromised By Internet Security Failure

    Press release: "Personal information of certain uniformed service members, family members and others was placed at risk for potential compromise while being processed by SAIC under several health care data contracts for military service customers, the company said today. SAIC remedied the security lapses upon learning of them and began working with the customers to mitigate any potential impact. Forensic analysis has not yielded any evidence that any personal information was actually compromised; however, the possibility cannot be ruled out. SAIC is notifying approximately 580,000 households, some with more than one affected person."

  • Science Applications International Corp. Response to Data Security Failure
  • July 05, 2007
    * Report - Toward a Safer and More Secure Cyberspace

    Toward a Safer and More Secure Cyberspace, Seymour E. Goodman and Herbert S. Lin, Editors, Committee on Improving Cybersecurity Research in the United States, National Research Council, 272 pages, pre-publication copy, 2007.

  • "Toward a Safer and More Secure Cyberspace examines the vulnerabilities of the Internet and offers a strategy for future research aimed at countering cyber attacks. The report also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated."

  • Table of Contents - links to full text by section

  • PDF Executive Summary, 33 pages, PDF

  • See also the "Cyber Security Research and Development Act (PL 107-305, enacted November 27, 2002) which authorized this study to provide advice regarding the appropriate locus for federal cybersecurity research.
  • June 24, 2007
    * Debate On Public Access to Public Records Online Escalates

    WSJ free feature: When Public Records Are Too Public - Open Records Are an Established Tradition, But Does Internet Access Call for a Change?: "Property deeds, marriage and divorce records, court files, motor-vehicle information and tax documents are increasingly being digitized, and contain a wealth of information that few of us would want online: Social Security numbers, birth dates, maiden names and images of our signatures. Local governments have rushed to put those documents online for a decade or so, often without scrubbing them of such information. And that's made them potentially fertile ground for busybodies, stalkers and identity thieves."

    June 18, 2007
    * Oversight Committee Investigation of Use of RNC E-Mail Accounts by White House Officials

    Administration Oversight, White House Use of Private E-mail Accounts: "The Oversight Committee has been investigating whether White House officials violated the Presidential Records Act by using e-mail accounts maintained by the Republican National Committee and the Bush Cheney ‘04 campaign for official White House communications. This interim staff report provides a summary of the evidence the Committee has received to date, along with recommendations for next steps in the investigation."

    The information the Committee has received in the investigation reveals:

  • "The number of White House officials given RNC e-mail accounts is higher than previously disclosed..."

  • "White House officials made extensive use of their RNC e-mail accounts."

  • "There has been extensive destruction of the e-mails of White House officials by the RNC."

  • "There is evidence that the Office of White House Counsel under Alberto Gonzales may have known that White House officials were using RNC e-mail accounts for official business, but took no action to preserve these presidential records."


  • Documents and Links
  • Investigation of Possible Violations of the Presidential Records Act

  • Deposition of Susan Ralston

  • Errata Sheet for Deposition of Susan Ralston

  • Related postings on U.S. Attorney firings
  • June 17, 2007
    * OMB Issues New Guidelines for Protecting the Confidentiality of Statistical Information

    Press release: OMB Issues New Guidelines for Protecting the Confidentiality of Statistical Information (June 15, 2007)

    Implementation Guidance for Title V of the E-Government Act, Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA). AGENCY: Office of Management and Budget, Executive Office of the President. ACTION: Notice of decision. Federal Register: June 15, 2007 (Volume 72, Number 115) [Page 33361-33377]

  • SUMMARY: "The Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA) can provide strong confidentiality
    protections for statistical information collections, such as surveys and censuses, as well as for other statistical activities, such as data analysis, modeling, and sample design, that are sponsored or conducted by Federal agencies. The Office of Management and Budget (OMB) is issuing Implementation Guidance for Title V of the E-Government Act, the Confidential Information Protection and Statistical Efficiency Act of 2002 (Pub. L. 107-347). The purpose of the CIPSEA implementation guidance is to inform agencies about the requirements for using CIPSEA and to clarify the circumstances under which CIPSEA can be used."

  • Confidential Information Protection and Statistical Efficiency Act of 2002


  • * Office of Special Counsel Directs 18 Agencies to Preserve E-Mail for Investigation

    Daniel Pulliam at Govexec.com reported, "Eighteen agencies have been asked by the Office of Special Counsel to preserve electronic information dating back to January 2001 as part of its governmentwide investigation into alleged violations of the law that limits political activity in federal agencies. The OSC task force investigating the claims has asked agencies, including the General Services Administration, to preserve all e-mail records, calendar information, phone logs and hard drives going back to the beginning of the Bush administration."

    May 08, 2007
    * GAO Examines VA and DOD Medical Info Sharing

    Information Technology: VA and DOD Are Making Progress in Sharing Medical Information, but Are Far from Comprehensive Electronic Medical Records GAO-07-852T, May 8, 2007.

  • "For almost a decade, VA and DOD have been pursuing ways to share health information and create comprehensive electronic medical records. However, they have faced considerable challenges in these efforts, leading to repeated changes in the focus of their initiatives and target dates. Currently, the two departments are pursuing both long- and short-term initiatives to share health information."
  • April 15, 2007
    * Group Issues Report on Missing White House Emails and Violations of the Presidential Records Act

    Follow-up to postings on the escalating interest in the U.S. Attorney firings, this press release: "Citizens for Responsibility and Ethics in Washington (CREW) released a report [April 12, 2007], WITHOUT A TRACE: The Missing White House Emails and the Violations of the Presidential Records Act, detailing the legal issues behind the story of the White House e-mail scandal. WITHOUT A TRACE covers the following areas:

  • "Presidential Records Act (PRA): Enacted in 1978, requires the president to preserve all presidential records, which are defined as those records relating to the "activities, deliberations, decisions, and policies that reflect the performance of [the president’s] constitutional, statutory, or other official or ceremonial duties..."

  • Clinton Administration Policy: In 1993, then-Assistant to the President and Staff Secretary John Podesta sent a memo to all presidential staff explaining that the PRA required all staff members to maintain all records, including emails. Podesta stated that the use of external email networks was prohibited because records would not be saved as required. The 1997 White House Manual and a 2000 memo issued by Mark Lindsay, then Assistant to the President for Management and Administration echoed this policy, requiring staff to use only the White House email system for official communications.

  • Bush Administration Policy: The Bush Administration has refused to make public its record-keeping policy. A confidential source provided CREW with a 2002 document indicating the use of “non-EOP messaging-enabled mechanisms should not be used for official business.”

  • Bush Administration Practice: In the wake of the scandals surrounding Jack Abramoff and the fired U.S. Attorneys, emails were released showing that top White House staffers routinely used Republican National Committee (RNC) email accounts to conduct official business.

  • PRA Violations: 1) The administration failed to implement adequate record-keeping systems to archive presidential email records; 2) two confidential sources independently informed CREW that the administration abandoned a plan to recover more than five million missing emails; 3) White House staff used outside email accounts to conduct presidential business, ensuring that emails were not adequately preserved.

  • Hatch Act...The Hatch Act prohibits White House staff from using official resources for purely “political” purposes. “Political” refers to the president’s role as either a candidate for office or as the leader of his party. Email communications regarding presidential appointments for U.S. Attorney and Interior Department positions clearly fall within the PRA as making appointment is an official presidential function and does not relate to the president’s role as party leader."


  • Related documents and articles on the U.S. Attorney firings and the Presidential Records Act:
  • NARA: "The Presidential Records Act (PRA) of 1978, 44 U.S.C. ß2201-2207, governs the official records of Presidents and Vice Presidents created or received after January 20, 1981. The PRA changed the legal ownership of the official records of the President from private to public, and established a new statutory structure under which Presidents must manage their records."

  • The Presidential Records Act of 1978: A Review of Executive Branch Implementation and Compliance, Subcommittee on Information Policy, Census, and the National Archives, March 1, 2007

  • On Thursday, March 1, 2007 the Subcommittee on Information Policy, Census, and National Archives held a hearing to examine issues relating to implementation of the Presidential Records Act of 1978, including the history of the act, the role of the National Archives and Records Administration in releasing Presidential records to the public, and the likely impact of Executive Order 13233 on research. See also H.R. 1255: The Presidential Records Act Amendments of 2007

  • Albuquerque Journal, April 15, 2007: Domenici Sought Iglesias Ouster

  • WSJ free feature: Gonzales Deputy, in Crossfire, Looks for Quiet Exit - McNulty Seeks Job In Private Sector; Scrutiny Intensifies

  • USNews.com Special Report: U.S. Attorney Firings Investigation
  • April 12, 2007
    * Waxman Asks Government Agencies to Preserve E-mails from RNC Accounts

    Following up on this April 10, 2007 posting, House Judiciary Committee Subpoenas AG Gonzales, and related links on the U.S. Attorney firings, today this press release from Rep. Waxman's House Oversight and Government Reform Committee: "Following briefings from the White House and Republican National Committee that revealed an extensive volume of e-mails regarding official government business may have been destroyed by the RNC, Chairman Waxman directs government agencies to preserve e-mails received from or sent to non-governmental e-mail accounts used by White House staffers. The Committee also requests that government agencies provide an inventory of all e-mails involving these accounts. The briefing received by the Committee raises serious concerns about the White House compliance with the Presidential Records Act, which requires that the President "take all such steps as may be necessary to assure that the activities, deliberations, decisions, and policies that reflect the performance of his constitutional, statutory, or other official or ceremonial duties are adequately documented and that such records are maintained as Presidential records."
    Related documents: This press release includes links to letters from the Chairman to 16 agency heads, which duplicate the text of a letter to Attorney General Gonzales. Each letter is three pages, PDF.

    April 11, 2007
    * Corporate Data Loss Cost Calculator

    Tech//404® Data Loss Cost Calculator: "Data loss resulting from network security breaches and identity theft has become a regular occurrence. While the number of affected records can vary widely in any given data loss scenario, a recent study by the Ponemon Institute found that the average number was roughly 99,000. For recent examples and media reports, visit the data loss archive. Darwin created the Tech//404® data loss cost calculator as a tool to demonstrate the scope of negative financial impact an organization may face as a result of a data breach or identity theft data loss scenario. The calculator will automatically generate an average cost, and a plus/minus 20% range, for expenses associated with internal investigation, notification/crisis management and regulatory/compliance if the incident were to give rise to a class action claim."

    March 29, 2007
    * Appellate Courts Go Live on Case Management/Electronic Case Files

    The Third Branch, March 2007: "Some day in the not-too-distant future, locating and reading a brief filed in a federal appellate case will become as easy as finding an appeals court opinion. And electronic appellate briefs will feature hyperlinks to lower court rulings, statutes, regulations, and other cited materials. “Judges generally are excited about having attorneys file briefs that contain hyperlinks to citations,” said Gary Bowden, chief of the Administrative Office’s Appellate Court and Circuit Administration Division. “And through PACER (the Public Access to Court Electronic Records system) these briefs will be available to everyone.” Until late last year, 10 of the 12 regional appellate courts were using an antiquated system of receiving, storing and tracking their cases, a system that at age 20 was long overdue for retirement." The St. Louis-based U.S. Court of Appeals for the 8th Circuit took a giant step in December when it became the first of those 10 courts to go live with Case Management/Electronic Case Files (CM/ECF). The rest are to follow by the end of 2007."

  • See also: Credit Card Security Code Required in CM/ECF - "Beginning February 1, 2007, all district and bankruptcy court CM/ECF filers who pay fees on-line via a credit card will be required to enter the security code field to complete the transaction. Credit card security codes, the 3-4 digits printed on the back of a credit card, are used to reduce fraud by verifying that the purchaser has the credit card in hand when making a purchase on the Internet."
  • March 26, 2007
    * Oversight Committee Directs RNC to Preserve White House Emails

    "Citing evidence that senior White House officials are using RNC and other political email accounts to avoid leaving a record of official communications, Chairman Waxman directs the Republican National Committee and the Bush-Cheney ’04 Campaign to preserve the emails of White House officials and to meet with Committee staff to explain how the accounts are managed and what steps are being taken to protect the emails from destruction and tampering."

    Documents and Links:

  • Letter to Mike Duncan [Chairman, Republican National Committee]

  • Letter to Marc Racicot [Former Chairman, Bush/Cheney '04]

  • E-mails Showing Use of Non-Governmental Accounts for Official Business

  • February 27, 2007
    * Consumer Survey Shows Growing Importance of E-Health Records

    Press release: "The majority of consumers place some importance on whether a physician has electronic health records when choosing a physician and would be willing to pay for the service, according to research results released today by Accenture. The goal of the research, a survey of 600 U.S. consumers and interviews with more than 100 physicians, was to gauge consumer and physician attitudes toward electronic health records (EHR). An EHR comprises an individual’s medical information including conditions, medication information, test results and treatment plans that exist in electronic form. Among the key findings: Two-thirds (67 percent) of consumers said that electronic health records are at least slightly important in their selection of a physician, and half (51 percent) said they would be willing to pay for the service, if the price were reasonable. At the same time, just one in ten physicians interviewed (11 percent) currently uses electronic records."

  • Press release: "Hospitals continue to accelerate their use of health information technology, with 68% reporting that electronic health records had been fully or partially implemented as of fall 2006, according to the AHA's second annual survey (24 pages, PDF) of hospital health IT use."
  • February 05, 2007
    * Privacy Forum Seeks Controls Over Gov't Use of Patient Genetic Data

    "The World Privacy Forum filed public comments with the Department of Health and Human Services in response to an HHS request for information regarding the use of patients' genetic data for research, health care, and for use in electronic health records. The World Privacy Forum is requesting that HHS use all Fair Information Principles in any personalized health care projects, and is requesting that a formal ELSI (ethical, legal, and social implications) committee be set up to oversee any projects, among other requests."

  • Related: HHS Request for Information (RFI): Improving Health and Accelerating Personalized Health Care Through Health Information Technology and Genomic Information in Population-and Community-based Health Care Delivery Systems, October 30, 2006
  • February 02, 2007
    * GAO Report on Health Information Technology

    Health Information Technology: Early Efforts Initiated but Comprehensive Privacy Approach Needed for National Strategy, Full text GAO-07-400T, and Highlights, February 1, 2007: "GAO identified key challenges associated with protecting electronic personal health information in four areas."

    January 19, 2007
    * New on LLRX.com for January 2007

    Table of Contents for LLRX.com - January 15, 2007 issue:

  • Competitive Intelligence - A Selective Resource Guide, by Sabrina I. Pacifici

  • The Impact of Social Networking Tools and Guidelines to Use Them, by LaJean Humphries

  • The Blog - Another Tool in Your Arsenal, by Janet Peros

  • Faulkner's Practical Web Strategies for Attorneys: How the Web Will Continue to Change How We Do Business in 2007, by Frederick L. Faulkner IV

  • CongressLine, by GalleryWatch.com: Authorization and Appropriation, by Paul Jenks

  • The Government Domain: Testing the THOMAS Beta, by Peggy Garvin

  • Deal or No Deal – Licensing & Acquiring Digital Resources: License Negotiations Reprise, by Kara Phillips

  • The Tao of Law Librarianship: Becoming A Wiki Warrior, by Connie Crosby

  • Burney's Gadgets for Legal Pros: Reviews -- Doing Double Time With Dual Monitors and Video Chatting Via Your Laptop, by Brett Burney

  • E-Discovery Update: E-Discovery New Year's Resolutions for 2007, by Conrad J. Jacoby

  • Commentary: The Iraq Troop Surge by Beth Wellington

  • A Cup of Creativi-tea: Start a Resolution, by Terri Wilson
  • December 21, 2006
    * The Best (and Worst!) of Legal Technology 2006 From FindLaw

    "The world of Legal Technology has...had its share of ups and downs in 2006, with companies spying on their boards, the treasury department spying on money transfers, and the government spying on, well, everyone! With all the spying going on, data security was certainly on everyone's mind in 2006, and several key stories arose out of the inability of companies and government agencies to protect their customer and employee data. The new Federal Rules of Civil Procedure also added to the mix with new requirements for companies and other potential litigants to keep in mind as they generate gigabytes and gigabytes of information every day." [Link]

    December 14, 2006
    * FasterCures Releases Report Calling for Inclusion of Clinical Research in Nationwide Health Information Network

    Press release: "Building clinical research into the Nationwide Health Information Network (NHIN) will enable faster discovery and verification of treatments and cures, according to a report released today by FasterCures. The report, Ensuring the Inclusion of Clinical Research in the Nationwide Health Information Network, details steps to help speed the implementation of Electronic Health Record (EHR) systems and suggests four strategies to include a research component in the NHIN, the federal government's planned "Internet for Healthcare."

    December 12, 2006
    * U.S. Deputy AG Mcnulty Revises Charging Guidelines for Prosecuting Corporate Fraud

    Press release: "U.S. Deputy Attorney General Paul J. McNulty announced today during a speech at a meeting of the Lawyers for Civil Justice in New York that the Department of Justice is revising its corporate charging guidelines for federal prosecutors throughout the country. The new guidance revises the Thompson Memorandum, which was issued in January 2003 by then-Deputy Attorney General Larry D. Thompson and titled the “Principles of Federal Prosecution of Business Organizations.” The memo provides useful guidance to prosecutors in the field through nine factors to use when deciding whether to charge a corporation with criminal offenses. The guidance continues to require consideration of the factors from the Thompson memo but adds new restrictions for prosecutors seeking privileged information from companies. Specifically, it creates new approval requirements that federal prosecutors must comply with before they can request waivers of attorney-client privilege and work product protections from corporations in criminal investigations."

  • Prepared Remarks of Deputy Attorney General Paul J. McNulty at the Lawyers for Civil Justice Membership Conference Regarding
    the Department's Charging Guidelines in Corporate Fraud Prosecutions
    , New York, December 12, 2006

  • John Coffee Says McNulty Memo Went a Bridge Too Far in Tying Hands of Prosecutors in Corporate Crime Investigations, 21 Corporate Crime Reporter 1, December 26, 2006
  • December 08, 2006
    * GAO Audit of Navy Marine Corps Intranet

    Information Technology: DOD Needs to Ensure That Navy Marine Corps Intranet Program Is Meeting Goals and Satisfying Customers, Full-text GAO-07-51, and Highlights, December 8, 2006.

  • "The Navy Marine Corps Intranet (NMCI) is a 10-year, $9.3 billion information technology services program. Through a performance-based contract, the Navy is buying network (intranet), application, and other hardware and software services at a fixed price per unit (or "seat") to support about 550 sites...NMCI has not met its two strategic goals--to provide information superiority and to foster innovation via interoperability and shared services."
  • December 05, 2006
    * White Paper on Framework for Networked Personal Health Information

    Markle Foundation - Connecting Americans to Their Health Care: A Common Framework for Networked Personal Health Information (41 pages, PDF): "A white paper that describes a networked environment in which consumers could establish secure electronic connections with multiple entities that hold personal health information about them. The paper discusses how consumer participation in networked environments has transformed other sectors, such as travel and finance, and concludes that the health care sector would benefit greatly from a properly designed secure network that enables greater consumer engagement."

    December 04, 2006
    * FBI Audit of Sentinel Investigative Case Management System

    Sentinel Audit II: Status of the Federal Bureau of Investigations Case Management System (Redacted), Audit Report 07-03, December 2006 (PDF - Full Report)

  • Comment Of Senator Patrick Leahy, D-Vt., Ranking Member And Incoming Chairman, Senate Judiciary Committee, On DOJ OIG Report On FBI Computer System Project, December 4, 2006: "Today’s finding by the Department of Justice Office of Inspector General that the FBI will need an additional $56.7 million over what the President requested in his budget for next year to continue the Sentinel project, and that these additional costs could have an adverse impact on the FBI's counterterrorism and other programs, are cause for deep concern."
  • * USACM Urges Feds to Adopt Software Independent E-voting Systems

    U.S. Public Policy Committee of the Association for Computing Machinery: "...the National Institute of Standards and Technology (NIST) released a paper recommending that federal standards allow certification only for "software independent" (i.e. ones that create a paper trail) e-voting systems. A key technical panel will consider and vote upon the recommendations this [week]. Calling these recommendations an important step forward for improving e-voting machine security, USACM issued a letter urging the panel to adopt the recommendations..."

  • Related postings on e-voting
  • November 28, 2006
    * Electronically Stored Information Target of New Rules

    The Third Branch: "On December 1, 2006, amendments to Federal Rules of Civil Procedure 16, 26, 33, 34, 45 and revisions to Form 35 will take effect unless Congress enacts legislation to reject, modify or defer them. These amendments and revisions are all aimed at one particular area of discovery—electronically stored information, meaning all information in computers...One study found that the cost of discovery represents approximately 50 percent of the litigation costs in all cases, and as much as 90 percent of the litigation costs in the cases where discovery is actively employed. A "cottage industry" of forensic specialists has emerged with the sole purpose of assisting law firms comply with their electronic discovery obligations...For more on the specific changes in the rules aimed at discovery of electronically stored information, visit http://www.uscourts.gov/rules/Reports/ST09-2006.pdf."

    November 23, 2006
    * Computerworld Survey Finds Companies Unprepared for New E-Discovery Rules

    "Few corporations are prepared for the new federal rules slated to take effect Dec. 1 for electronic discovery of documents in civil cases, according to a survey conducted by Computerworld. About 42% of the 170 IT managers and staffers surveyed said they did not know the status of their company's preparation for the new rules, while 32% said their company was not at all prepared."

  • See the E-Discovery Update column, by Conrad J. Jacoby, on LLRX.com for further background and expert commentary on this issue.
  • November 09, 2006
    * Lawyers Receiving Electronic Documents are Free to Examine 'Hidden' Metadata: ABA Ethics Opinion

    Press release: "Lawyers who receive electronic documents are free to look for and use information hidden in metadata – information embedded in electronically produced documents – even if the documents were provided by an opposing lawyer, according to a new ethics opinion from the American Bar Association."

    October 20, 2006
    * Treasury IG Report on Decline in Use of Free File Program

    Treasury Inspector General for Tax Administration (TIGTA) "audit found that the use of the Free File Program declined after income restrictions were applied." September 29, 2006 (42 pages, PDF)

  • Free File Home - Your Link to Free Online Filing

  • Related postings on the IRS Free File program
  • October 18, 2006
    * New AmLaw Tech Survey

    AmLaw Tech Survey: Law Firms Play Variations on Old Themes - "The 11th annual survey finds firms expanding IT while adopting new versions of old standards."

    October 10, 2006
    * Guidelines for State Trial Courts Regarding Discovery of Electronically-Stored Information

    Guidelines for State Trial Courts Regarding Discovery of Electronically-Stored Information, Conference of Chief Justices, Approved August 2006.

    October 04, 2006
    * CA AG Files Charges Against Former HP Chair and Others For Corporate Spying

    Press release: California "Attorney General Bill Lockyer today filed felony charges against former Hewlett-Packard Chairwoman Patricia C. Dunn and four other defendants, alleging they committed criminal offenses related to the use of false pretenses to access individuals' phone records during the company's probe of boardroom leaks to the media."

  • Felony Complaint (7 pages, PDF)

  • Supporting Declaration and Arrest Warrants (17 pages, PDF)


  • Related documents and links:
  • Hearing - Internet Data Brokers and Pretexting: Who Has Access to Your Private Records?, September 29, 2006

  • From ZDNet, a timeline of articles on the HP Leak Probe

  • September 11, 2006
    * Group Outlines Ramifications of EPA Library Closures

    Follow-up to previous postings on EPA's closure of libraries, this press release: "Prosecution of polluters by the U.S. Environmental Protection Agency "will be compromised" due to the loss of "timely, correct and accessible" information from the agency's closure of its network of technical libraries, according to an internal memo released today by Public Employees for Environmental Responsibility (PEER). EPA enforcement staff currently rely upon the libraries to obtain technical information to support pollution prosecutions and to track the business histories of regulated industries."

    August 22, 2006
    * Presentation on Metadata Pitfalls and Protections

    Metadata and other things that go bump in the night (41 pages, PDF) - "There is data lurking in your data. Some people call it "invisible ink". Microsoft refers to it as "metadata". Either way, the reference is to information in an electronic document that is not always visible. This session will explain the dangers of metadata, how to avoid it, and recent bar association interest in the ethics of exposing or mining metadata." [by Catherine Sanders Reach]

    August 18, 2006
    * DHS Announces Establishment of Records Digitization Facility

    Press release, August 17, 2006, U.S. Citizenship and Immigration Services: "USCIS Announces Establishment of a Records Digitization Facility in Williamsburg, Ky., that will digitize more than one million UCIS Alien-Files (A-Files) during the first phase...[there are approximately 70 million immigration records]."

    August 01, 2006
    * HHS Final Rule on New Safe Harbor for Donation of E-Health Records Technology

    Final Rule: Safe Harbors for Certain Electronic Prescribing and Electronic Health Records Arrangements Under the Anti-Kickback Statute, pre-publication copy - to be published in August 8, 2006 Federal Register. (133 pages, PDF)

    Related references:

  • CMS press release, Physician Self-Referral Exceptions for Electronic Prescribing and Electronic Health Records Technology, August 1, 2006
  • * GAO Report on Financial Accounting Restatements

    Financial Restatements: Update of Public Company Trends, Market Impacts, and Regulatory Enforcement Activities, Full text GAO-06-678, and Highlights, July 24, 2006.

  • "While the number of public companies announcing financial restatements from 2002 through September 2005 rose from 3.7 percent to 6.8 percent, restatement announcements identified grew about 67 percent over this period. Industry observers noted that increased restatements were an expected byproduct of the greater focus on the quality of financial reporting by company management, audit committees, external auditors, and regulators."
  • July 17, 2006
    * New on LLRX.com

  • And you thought gadgets were only for the kitchen: The Return, by
    Brian Neale, Roger Skalbeck, Susan Skyzinski and Barbara Fullerton

  • And you thought gadgets were only for the kitchen: The Future, by
    Brian Neale, Roger Skalbeck, Susan Skyzinski and Barbara Fullerton

  • Writing Justice Blackmun, by Linda Greenhouse

  • Statement of Meredith Fuchs, General Counsel, The National Security Archive, Before the House Permanent Select Committee on Intelligence Hearing on the Media’s Role and Responsibilities in Leaks of Classified Information

  • Refining the Standard: Authenticating Computer-Based Evidence, by M. Sean Fosmire

  • Update to Researching Australian Law, by Nicholas Pengelley

  • Faulkner's Practical Web Strategies for Attorneys: Four Ways to Enhance Your Firm Website, by Frederick L. Faulkner IV

  • E-Discovery Update - by Fios Inc.: How Well Can You Protect Privilege Through Private Contract?, by Conrad J. Jacoby

  • CongressLine, by GalleryWatch.com: Congressional Seedlings, by Paul Jenks

  • Express Yourself on Your PDA, by Brett Burney

  • FOIA Facts: Who or What Constitutes Media under the FOIA?, by Scott A. Hodes

  • The Government Domain: Summer Infosnacks, by Peggy Garvin

  • A Cup of Creativi-tea: Icebreakers, by Terri Wilson

  • After Hours: The Grill Guru / Incense and...Cinnamon?, by Kathy Biehl

  • Commentary: Voters Rights Act, by Beth Wellington

  • LLRX Court Rules, Forms, and Dockets, the unique, free searchable database, maintained and continually updated by Margaret Berkland.

  • LLRX.com Bookstore has new recommendations
  • July 05, 2006
    * Most Large North American Organizations Subjected to Security Breaches

    Press release: "CA today announced a new security survey of 642 large North American organizations which shows that more than 84% experienced a security incident over the past 12 months and that the number of breaches continues to rise. According to the findings, security breaches have increased 17% since 2003. As a result, 54% of organizations reported lost workforce productivity; 25% reported public embarrassment, loss of trust/confidence and damage to reputation; and 20% reported losses in revenue, customers or other tangible assets. Of the organizations which experienced a security breach, 38% suffered an internal breach of security."

  • See also As data breaches pile up, OMB cracks down - Experts call for CIOs to have more authority
  • July 04, 2006
    * British Medical Journal Reports on Electronic Records and Patient Choice

    "The potential benefits of sharing patient electronic records within health systems are broadly agreed, but concerns remain over patient consent and security. Experts in this week's BMJ discuss how patients should consent to use of electronic records in the NHS and how the data can be kept secure."

  • view full paper

  • view commentary

  • view editorial 1

  • view editorial 2
  • June 27, 2006
    * Courts and Agencies Report on Disaster Preparedness Programs

  • Administrative Office of the U.S. Courts: Start of Hurricane Season Finds Courts Learning from Past

  • Agencies make [Continuity of Operations] COOP, disaster recovery even higher priorities
  • June 20, 2006
    * FTC and DOJ Allow Electronic Submission of Premerger Notification Filings

    Press release: "The Federal Trade Commission and the Department of Justice's (DOJ) Antitrust Division today announced that they are implementing an electronic filing system that allows merging parties to submit via the Internet premerger notification filings required by the Hart-Scott-Rodino (HSR) Act. Electronic filings may be submitted quickly and easily, eliminating the time and expense entailed in duplicating and delivering documents."

    Related government documents:

  • 16 C.F.R. Part 803: Premerger Notification: Reporting and Waiting Period Requirements: Final Rules Amending Premerger Notification Rules To Update and Improve the Effectiveness of the Rules By Allowing Submission of Notification and Report Forms Electronically Via the Internet [Text of the Federal Register Notice]

  • Notification and Report Form

  • Instructions

  • June 11, 2006
    * eHealth Vulnerability Reporting Program Launched

    "...the eHealth Vulnerability Reporting Program (eHVRP) is a collaborative of health care industry organizations, technology companies and security professionals. eHVRP’s mandate is to establish approaches and procedures that will help ensure eHealth systems are broadly and rapidly deployed with the highest levels of privacy and security."

    May 24, 2006
    May 15, 2006
    * Reliability and Integrity of Digital Evidence Often in Question

    An interesting article in today's National Law Journal (free) discusses issues associated with the integrity of digital evidence, including email, photos, and metadata.

    May 10, 2006
    * Morgan Stanley Sued for Repeated E-Mail Production Failures

    SEC press release: "The Securities and Exchange Commission today filed a civil injunctive action against Morgan Stanley & Co. Incorporated for failing to produce tens of thousands of e-mails during the Commission's IPO and Research Analyst investigations from Dec. 11, 2000, through at least July 2005. The Commission alleges in its complaint that Morgan Stanley did not diligently search for back-up tapes containing responsive e-mails until 2005. Morgan Stanley also failed to produce responsive e-mails because it over-wrote back-up tapes."

    May 08, 2006
    * GAO Reports on Sarbanes-Oxley Compliance Costs for Small Companies

    Sarbanes-Oxley Act: Consideration of Key Principles Needed in Addressing Implementation for Smaller Public Companies,
    Full Report GAO-06-361, and Highlights, April 13, 2006.

  • "...for smaller public companies (defined in this report as $700 million or less in market capitalization), the cost of compliance has been disproportionately higher (as a percentage of revenues) than for large public companies, particularly with respect to the internal control reporting provisions in section 404 and related audit fees. Smaller public companies noted that resource limitations and questions regarding the application of existing internal control over financial reporting guidance to smaller public companies contributed to challenges they face in implementing section 404."
  • May 02, 2006
    * Collaborative Blog Focuses on Health IT Issues

    HealthNex blog, sponsored by IBM, is a joint effort by industry and consumer groups, focused on sharing resources pertaining to e-health records and other IT related issues (such as RFID technology and patient privacy).

    May 01, 2006
    * Challenges in Digitizing Immigration Files

    Information Technology: Near-Term Effort to Automate Paper-Based Immigration Files Needs Planning Improvements, Full text GAO-06-375, Highlights, March 31, 2006.

  • "The United States Citizenship and Immigration Services (USCIS) relies on about 55 million paper-based files to adjudicate applications for immigration status and other benefits. Ensuring the currency and availability of these manual files, referred to as alien files, or A-Files, is a major challenge."
  • April 30, 2006
    * Methods To Trace Identity of E-Mail Sender Assist Litigation

    Follow the E-Mail Trail - What you can learn from the data embedded in e-mail headers, by Mark A. Berman and Aaron Zerykier, The National Law Journal.

    April 21, 2006
    * NY County First in Nation to Require Business Wireless Security

    ComputerWorld reports that Westchester County in New York is the first county in the nation to require all businesses with wireless networks that collect consumer related data to use "minimun security measures."

    * GAO Reports on Flaw in Governmentwide Financial Report System

    Financial Management Systems: Lack of Disciplined Process Puts Effective Implementation of Treasury's Governmentwide Financial Report System at Risk, Full-text GAO-06-413, Highlights, April 21, 2006.

    April 14, 2006
    * E-Discovery and Compliance Require Command of Search Terms

    ABA Journal: Understanding Search-Term Basics Ensures More Thorough E-Discovery Compliance

    April 10, 2006
    * NARA Final Rule on National Industrial Security Program Directive

    Federal Register: April 10, 2006 (Volume 71, Number 68)][Rules and Regulations][Page 18007-18008], National Archives and Records Administration (NARA), Final Rule: "The Information Security Oversight Office (ISOO), National Archives and Records Administration (NARA), is publishing this Directive pursuant to section 102(b)(1) of Executive Order 12829, as amended, relating to the National Industrial Security Program. This order establishes a National Industrial Security Program (NISP) to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the United States Government. Redundant, overlapping, or unnecessary requirements impede those interests. Therefore, the NISP serves as the single, integrated, cohesive industrial security program to protect classified information and to preserve our Nation's economic and technological interests. This Directive sets forth guidance to agencies to set uniform standards throughout the NISP that promote these objectives."

    * Inadvertent Release of Sensitive Data Via Use of Ubiquitous Software

    FCW.com: Agencies risk unwitting release of sensitive information using popular office software: "The causes of much of the hidden data problem are users' ignorance of how digital documents work and software companies' tendency to give customers too much of what they want — ease of use and flexibility."

    April 03, 2006
    * DHS Director Does Not Use Email

    New York Times interview with DHS Director Michael Chertoff,by Deborah Solomon, April 2, 2006: Chertoff states, "I don't use e-mail. One reason is when you write an e-mail, you have to be mindful of the fact that nothing ever disappears. It can be deleted, but it is still in the system somewhere...They can get me. They don't need to e-mail me. There's a thing called a telephone."

    March 20, 2006
    * Transformational Technology Areas Critical to US and UK Defense

    Defense Critical Technologies, (151 pages, PDF), March 2006. This report is a product of the Defense Science Board (U.S.) and the Defence Scientific Advisory Council (UK). This report is unclassified.

    * Enterprise Search Makes Inroads in Tackling Corporate Info Overload

    ComputerWorld reports on enterprisewide search applications implemented by large corporations for a range of tasks, including competitive intelligence, e-discovery, and generating intranet content. Solutions such as FAST, Autonomy and Endeca index formats including text, audio and video.

    * GAO Reports on Costs and Failures Associated With FBI IT Upgrade

    Federal Bureau of Investigation: Weak Controls over Trilogy Project Led to Payment of Questionable Contractor Costs and Missing Assets, Full-text, GAO-06-306, and Highlights, February 28, 2006.

  • "The Trilogy project--initiated in 2001--is the Federal Bureau of Investigation's (FBI) largest information technology (IT) upgrade to date. While ultimately successful in providing updated IT infrastructure and systems, Trilogy was not a success with regard to upgrading FBI's investigative applications. Further, the project was plagued with missed milestones and escalating costs, which eventually totaled nearly $537 million."
  • March 15, 2006
    * Redaction of Confidential Info in Documents to be Distributed as PDF

    Adobe whitepaper, Redaction of Confidential Information in a Document: "How to safely remove sensitive information from Microsoft Word documents and convert to PDF"

    February 26, 2006
    * NSA Expands Data Mining Progam With Purchase of New Tech Tools

    Follow-up to National Journal Article Claims Curtailed Gov't Surveillance Program Still Active, from today's New York Times, Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data: "...by fundamentally changing the nature of surveillance, high-tech data mining raises privacy concerns that are only beginning to be debated widely. That is because to find illicit activities it is necessary to turn loose software sentinels to examine all digital behavior whether it is innocent or not."

  • Related postings on data mining

  • Related postings on domestic surveillance
  • February 21, 2006
    * NARA Final Rule on Disposition of Short-Term E-Records

    "Summary: NARA is revising our regulations to provide for the appropriate management and disposition of very short-term temporary e-mail, by allowing agencies to manage these records within the e-mail system." Federal Register, February 21, 2006 (Volume 71, Number 34)] [Rules and Regulations][Page 8806-8808].

    * Security Issues Escalate With Popularity of Handheld Devices

    New York Times: Too Many New Gadgets, Too Much Information at Risk: Loss, theft and viruses are major issues as corporate use of handheld devices and pocket PCs increases. Pre-emptive security options are available however, as this article describes.

    February 19, 2006
    * Top Defense and Homeland Security Officials Shun Email

    They Haven’t Got Mail - The Katrina hearings haven’t only revealed critical information about White House responses to the hurricane. They’ve also uncovered the online secrets of Donald Rumsfeld and Michael Chertoff: "...congressional investigations of government responses to Hurricane Katrina have revealed that two of the nation's key crisis managers, the secretaries of Defense and Homeland Security, do not use e-mail...Spokesmen for the two officials maintain that Rumsfeld and Chertoff were kept informed during Katrina the same way as they keep in touch during other crises: through aides and a variety of other communications methods..."

  • House Releases Lengthy, Scathing Report on Govt's Flawed Response to Katrina, and other related postings on Katrina.
  • February 16, 2006
    * FTC Announces Reforms to the Merger Review Process

    FTC press release: "The primary reforms to the merger review process establish presumptions that the FTC will: (1) limit the number of employees required to provide information in response to a second request, provided the party complies with specified conditions; (2) reduce the time period for which a party must provide documents in response to the second request; (3) allow a party to preserve far fewer backup tapes and produce documents on those tapes only when responsive documents are not available through more accessible sources; and (4) significantly reduce the amount of information parties must submit regarding documents they consider to be privileged."

  • Reforms to the Merger Review Process: Announcement By Deborah Platt Majoras, Chairman, Federal Trade Commission (February 16, 2006), Text of the Announcement (31 pages, PDF)
  • February 03, 2006
    * UK Gov't Conducts Public Inquiry on Digital Rights Management

    "The All Party Parliamentary Internet Group (APIG) [held] an oral evidence session [February 2, 2006] at the House of Commons, as part of its public inquiry on Digital Rights Management(DRM)...The inquiry...is seeking to establish how consumers, artists and the distribution companies should be protected in a continually evolving market place...Regrettably, this session will not be open to the public but a full transcript of the sessions will be made publicly available when the final report is published in April."

  • BBC News: Libraries fear digital lockdown - "Libraries have warned that the rise of digital publishing may make it harder or even impossible to access items in their collections in the future."
  • February 02, 2006
    * Correspondence on Libby Indictment Mentions Missing Emails

    Late last night AP reported that Special Counsel Patrick J. Fitzgerald stated in legal correspondence [the full text of which is available here in PDF] related to discovery in the Libby CIA leak indictment, that White House email from 2003 failed to be properly archived. The article quotes the response of noted government secrecy expert Steven Aftergood to this disclosure as follows - "Bottom line: Accidents happen and there could be a benign explanation, but this is highly irregular and invites suspicion."

    January 27, 2006
    * Searchable Database of CPT and HCPCS Medical Codes

    From askSam: "CPT and HCPCS Medical Codes, Free Searchable Version: This database contains a complete listing of CPT codes (Current Procedural Terminology) and HCPCS codes (Healthcare Common Procedure Coding System). This database is fully searchable by code, description, type or category."

    January 25, 2006
    * Surveillance Increasingly Woven Into Fabric of Online World

    This New York Times essay, A Growing Web of Watchers Builds a Surveillance Society, by David Shenk, offers especially cautionary insight in light of the growing public and political response to revelations about the government's domestic surveillance program.

  • After Subpoenas, Internet Searches Give Some Pause
  • Survey finds solid opposition to release of Google data to feds

  • January 24, 2006
    * Trio of Reports Released By DHS on Network and Security Issues

  • Management of the DHS Wide Area Network Needs Improvement (PDF, 32 pages - 264 KB)

  • Security Weaknesses Increase Risks to Critical DHS Databases (Redacted) (PDF, 36 pages)

  • US-VISIT System Security Management Needs Strengthening (Redacted) (PDF, 47 pages)
  • January 18, 2006
    * Three New Columns Offer Range of Valuable Resources to LLRX.com Readers

    I am delighted to announce the addition of three new columns on LLRX.com, authored by leading professionals from different spheres of our community.

  • Law librarian and blogger Connie Crosby writes about The Tao of Law Librarianship, the second installment of which is titled Do-It-Yourself Professional Development.

  • Faulkner's Practical Web Strategies for Attorneys, by Frederick L. Faulkner IV, is a monthly review of technologies, strategies, and techniques that can help you and your firm take advantage of the Web. Fred is the Web Manager for the American Bar Association.

  • E-Discovery Update - by Fios Inc., is a particularly timely resource that will be the collective work of a rotating group of electronic data compliance experts. This column will be of special interest to attorneys, IT and litigation support professionals.
  • January 13, 2006
    * Test of E-Passports Begins at SFO

    DHS press release: "A live test of e-Passports, that contain contactless chips with biographic and biometric information and the readers that are capable of reading these e-Passports, begins January 15, 2006 at Terminal G at San Francisco International Airport (SFO). This test is a collaborative effort between the United States, Australia, New Zealand and Singapore that will run through April 15, 2006."

    January 11, 2006
    * Searches and Seizures in a Digital World

    Searches and Seizures in a Digital World, by Orin S. Kerr (55 pages, PDF)

    January 03, 2006
    * Ramifications of Proposed Federal Rules On E-Discovery

    Document management systems go to court - New federal rules for 2006 could come down hard on IT:

  • "First, the proposed amendments to Rule 26 will require attorneys for both parties to a litigation in Federal court to sit down prior to the proceedings to discuss their clients’ document management systems....Rule 37(f), also called a safe harbor rule, says that corporations that have lost information but have otherwise acted in good faith cannot be sanctioned."
  • December 24, 2005
    * Microsoft Announces Details of RSS Integration With Outlook

    RSS Aggregation - Part 1: The Partnership

    December 12, 2005
    * UK Firm Promotes Self Destructing Text Messages

    This text will self-destruct in 40 seconds - Next year self-deleting emails and photo messages too.: "Staellium UK said that its StealthText service will allow business executive dealing in sensitive information to send texts which will delete themselves from the recipient's mobile phone as soon as the person has read them."

  • Details
  • December 05, 2005
    * Spear Phishing Target Specific Individual, Corporate, Gov't Data

    Following up on previous postings about phishing, the New York Times yesterday published an article, Gone Spear-Phishin' detailing the extent, impact and intent of cybercriminals who launch Trojans to steal the data of individuals and corporations, for both profit and personal reasons.

  • See also Business Week, Phishing: Beware the Internal Revenue Scam: "The official-looking e-mails promise an income-tax refund, but they're really one more reminder to be cautious with personal info online."
  • November 30, 2005
    * SEC Votes to Propose Rule to Provide Investors with Internet Availability of Proxy Materials

    Press release, November 29, 2005: "The Securities and Exchange Commission today voted to propose for public comment rules that would allow companies and other persons to use the Internet to satisfy proxy material delivery requirements...The company would post its proxy materials on an Internet Web site (other than EDGAR) and would send a 'Notice of Electronic Proxy Materials' (the Notice) at least 30 days before the date of meeting."

    November 22, 2005
    * DOJ IG Report on Agency's Top Management and Performance Challenges

    November 18, DOJ/OIG Top Management and Performance Challenges in the Department of Justice - 2005: Counterterrorism; Sharing of Law Enforcement and Intelligence Information; Department and FBI Intelligence-Related Reorganizations; Information Technology Systems Planning and Implementation; Information Technology Security; Financial Management and Systems; Grant Management; Detention and Incarceration; Judicial Security; and Supply and Demand for Drugs.

    * Library of Congress Launches World Digital Library Initiative

    Library of Congress press release: "Google Is First Private-Sector Partner with Funding of $3 Million. Librarian of Congress James H. Billington and Google Co-Founder Sergey Brin announced today that Google is the first private-sector company to contribute to the Library's initiative to develop a plan to begin building a World Digital Library (WDL) for use by other libraries around the globe. The effort would be supported by funds from nonexclusive, public and private partnerships, of which Google is the first. The concept for the WDL came from a speech that Billington delivered to the newly established U.S. National Commission for UNESCO on June 6, 2005, at Georgetown University."

    Related news and links:

  • Washington Post op-ed, A Library for The New World, by James H. Billington: "Libraries are inherently islands of freedom and antidotes to fanaticism. They are temples of pluralism where books that contradict one another stand peacefully side by side just as intellectual antagonists work peacefully next to each other in reading rooms. It is legitimate and in our nation's interest that the new technology be used internationally, both by the private sector to promote economic enterprise and by the public sector to promote democratic institutions."

  • The Library of Congress American Memory historical collections

  • A Man's Vision: World Library Online - Brewster Kahle hopes to realize his 25-year dream of an international book archive

  • November 21, 2005
    * Push to Digitize Personal Health Records Moves Forward in Senate

    S. 1418: Wired for Health Care Quality Act, A bill to enhance the adoption of a nationwide inter operable health information technology system and to improve the quality and reduce the costs of health care in the United States. Passed Senate by voice vote, November 18, 2005.

    Related documents:

  • S. 1355
  • Senate Report 109-111

  • EPIC and Patient Privacy Rights Launch Campaign to Protect Medical Records

  • November 07, 2005
    * Trail of Data Revisions Adhere to Documents

    Law tech guru Dennis Kennedy is quoted in this article in today's New York Times: Beware Your Trail of Digital Fingerprints. He suggests practical ways to eliminate data deleted in revisions when it is determined that documents have been finalized.

  • See also the upcoming BlawgThink program, November 11-12.
  • November 06, 2005
    * NARA Records Retention Schedule

    Federal Register, November 2, 2005 (Volume 70, Number 211), Page 66470-66472. National Archives and Records Administration (NARA). Notice of availability of proposed records schedules; request for comments.

  • "Each year Federal agencies create billions of records on paper, film, magnetic tape, and other media. To control this accumulation, agency records managers prepare schedules proposing retention periods for records and submit these schedules for NARA's approval, using the Standard Form (SF) 115, Request for Records Disposition Authority. These schedules provide for the timely transfer into the National Archives of historically valuable records and authorize the disposal of all other records after the agency no longer needs them to conduct its business. Some schedules are comprehensive and cover all the records of an agency or one of its major subdivisions. Most schedules, however, cover records of only one office or program or a few series of records. Many of these update previously approved schedules, and some include records proposed as permanent."
  • October 31, 2005
    * Global Computer Waste Exported to Africa

    Following up on previous postings related to security risks associated with discarding PC hard drives, the parallel environmental toll of the expanding amount of e-waste generated by constant hardware upgrades, via the The Basel Action Network (BAN):

  • High-Tech Toxic Trash Exported to Africa

  • The Digital Dump: Exporting Re-Use and Abuse to Africa

  • Information Recovered from Discarded Hard Drives of Computers in Lagos, Nigeria.

  • October 13, 2005
    * Survey Says Patients and Physicians Support E-Health System

    Press release: "Eighty-six percent of U.S. physicians surveyed said that a health-care system that adopted information technology such as electronic health records would improve the quality of health care patients receive. In addition, 79 percent of patients also believe that, according to national surveys commissioned by the Technology CEO Council."

    Related links:

  • Technology CEO Council, A Healthy System Report, October 12, 2005 (44 pages, PDF)
  • Tech executives push for digital medical records

  • Are consumers missing from the health IT picture?

  • October 11, 2005
    September 30, 2005
    * E-Health Records Focus of House Cmte. Hearing

    Committee on Government Reform, September 29, 2005 hearing, The Last Frontier: Bringing the IT Revolution to Healthcare.

  • "Doctors continue to write billions of handwritten prescriptions every year, a significant portion of which are illegible, or involve incorrect or incompatible drugs. According to one survey, only 15 percent of physicians are using electronic prescribing systems, and only 3 percent of prescriptions are processed electronically. Computerized order-entry systems coupled with electronic health records offer enormous potential."

  • Links to Opening Statement by Chairman Davis' and Witness Testimony

  • Proposed legislation to create electronic health record (EHR) for 4 million current and former federal employees.
  • September 22, 2005
    * Website Provides Access to Prescription Info on Katrina Evacuees

    "KatrinaHealth.org, an online service to help individuals affected by Hurricane Katrina work with their health professionals to gain access to their own electronic prescription medication records. Through KatrinaHealth.org authorized pharmacists and doctors can get records of medications evacuees were using before the storm hit, including the specific dosages."

    September 20, 2005
    * National Archives Offers Assistance to Gulf States

    Press release: "Archivist of the United States Allen Weinstein announced today several initiatives to aid in the recovery of original records in the states of Mississippi, Alabama, and Louisiana that have been affected by Hurricane Katrina...[he stated] the potential loss of information that directly affects the lives of people in these states is staggering. The loss of our collective memory of this region, 'identity loss' in other words, is at stake. Property deeds; birth certificates; personal papers; information documenting the rights and entitlements of citizens, such as social security and veterans benefits, are all at risk. Records found in Federal, state, local and cultural sites must be rescued."

    September 13, 2005
    * Part of 9/11 Commission Report Reissued With Redacted Text Restored

    Press release: "After a second review by the executive branch, a September 12, 2005 version of the 9/11 Commission Staff Monograph on the Four Flights and Civil Aviation Security has been released by the U.S. Department of Justice and transferred to the National Archives. This newer version of the report contains fewer redactions than the version first released on January 28, 2005."

  • The newly released September 12, 2005 version of the monograph is available on the National Archives website (121 pages, http://www.archives.gov/research/9-11-commission/">PDF).

    Related links:
  • The full text of the January 28, 2005 version is also available on the National Archives' website (120 pages, PDF)

  • Related links on the 9/11 Commission and the 9/11 Public Discourse Project

  • F.A.A. Alerted on Qaeda in '98, 9/11 Panel Said

  • September 09, 2005
    * NARA Announces E-Records Advisory Committee and Contract to Build E-Archives

  • National Archives Announces Advisory Committee for Electronic Records Archives

  • NARA press release, September 8, 2005: "Today, Archivist of the United States Allen Weinstein announced the award of a $308 million, six year contract to Lockheed Martin to build the Electronic Records Archives (ERA) system for the National Archives and Records Administration (NARA). The ERA system will capture and preserve the electronic records of the federal government, regardless of format, ensure hardware and software independence, and provide access to the American public and Federal officials."
  • August 30, 2005
    * SEC May Fine Broker-Dealer Over E-Mail Retention Violations

    Reuters reported on a WSJ article focused on the SEC's ongoing enforcement proceedings against Morgan Stanley which may now include a civil penalty in excess of $10 million for not retaining relevant e-mail.

    August 23, 2005
    * GSA Issues Request for Information to Provide Data Mining Application With Expansive Scope

    "The intent of this RFI is, consistent with the direction in the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004, to provide Electronic Directory Services (EDS), or the functional equivalent, to enable authorized participants to locate and access information, organizations, services and personnel in support of their respective mission requirements for terrorism information...An initial capability must at a minimum, contain terrorism information and be accessible to the Federal government with a clear path for early expansion to State, local, and tribal officials, law enforcement, the private sector, and foreign allies. The rough order of magnitude capacity of the ELECTRONIC DIRECTORY SERVICES (EDS) for the long term is thousands of organizations and, potentially, millions of individual users, and hundreds of thousand or millions of accesses each day (emphasis added)." [Link]

    August 09, 2005
    * Law Firm Implements Secure IM System

    Law Firm Fends Off IM Threats

    July 29, 2005
    * Presentations and Bibliography on Law Firms and Outsourcing

    PowerPoint presentations prepared by Lee Nemchek, Larry Eiring, and Ganesh Natarajan, and a 3-page outsourcing bibliography (in Word), from the PLL-sponsored program entitled "Outsourcing: Odious or Out-of-the-Box [Link to all these materials].

    * Recommendations for E-Fax Applications

    The topic of e-fax continues to be of interest according to legal listserv postings, so this new PC Magazine article, Internet Faxing Reaches the Mainstream, may be of assistance to those who have yet to settle on a specific application.

    * GAO Report on Financial Markets' Electronic Security Initiatives

    Financial Market Organizations Have Taken Steps to Protect against Electronic Attacks, but Could Take Additional Actions, GAO-05-679R, June 29, 2005.

  • "We found that all seven of the selected financial market organizations are taking steps to prevent their operations from being disrupted by electronic attacks. Each of the organizations had implemented the five major elements of a sound information security program. However, we identified actions that each organization could take to further improve their protections against attacks or unauthorized access."
  • July 21, 2005
    * Accenture Survey Finds Growing Support for Electronic Health Records

    Press release: "A majority of U.S. consumers believe that electronic medical records can provide valuable benefits, especially during medical emergencies, and can improve overall medical care, according to the results of a survey released today by Accenture."

    July 15, 2005
    * GAO Reports on E-Records Archives and Agency Info Security

  • Information Management: Acquisition of the Electronics Records Archives Is Progressing GAO-05-802, July 15, 2005. Highlights.

  • Information Security: Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements GAO-05-552, July 15, 2005. Highlights: "Pervasive weaknesses in the 24 major agencies' information security policies and practices threaten the integrity, confidentiality, and availability of federal information and information systems. Access controls were not effectively implemented; software change controls were not always in place; segregation of duties was not consistently implemented; continuity of operations planning was often inadequate; and security programs were not fully implemented at the agencies."
  • July 12, 2005
    * Current Administration Classifying Documents at Unprecedented Rate

    New York Times editorial today, The Dangerous Comfort of Secrecy: "The Bush administration is classifying the documents to be kept from public scrutiny at the rate of 125 a minute. The move toward greater secrecy has nearly doubled the number of documents annually hidden from public view - to well more than 15 million last year, nearly twice the number classified in 2001 - as bureaucrats have invented more amorphous categories like "sensitive security information." At the same time, the declassification of documents required under the Freedom of Information Act has been choked down to a fraction of what it was a decade ago, leaving the government working behind an ever darker, ever denser screen."

    July 06, 2005
    * NY County Clerk's Office Launches First Subscriber Service in Nation

    Government Technology reports that Suffolk County, New York is blazing an e-government trail with the launch of a subscriber based Virtual County Clerk's Office. The service will allows subscribers to "perform title searches for residential and commercial property, do background searches for employment and credit worthiness, or procure other land property documents..." and receive e-mail alerts on new information added to the clerk's online database.

    June 30, 2005
    * 2005 Global Security Study and Related Resources on ID Theft

    Deloitte & Touche published their annual Global Security Study, 2005 (44 pages, PDF) which surveys the state of IT security in the finanical services industry.

    Related references:

  • Personal Finance: How you can (and can't) avoid identity theft

  • More States Giving Consumers Power to Freeze Credit Files; Security Freeze Gives Consumers Powerful Protection Against ID Theft

  • June 29, 2005
    * Hearing on Air Passenger Screening System and Watch Lists

    "CDT Executive Director Jim Dempsey today warned a House subcommittee [Testimony: 12 pages, PDF]that government efforts to create a new air traveler screening system -- called Secure Flight -- have yet to adequately address critical issues concerning the system's effectiveness and ability to protect the privacy and due process rights of Americans. CDT said that the government must develop consistent criteria for adding suspected terrorists to watch lists and should collect from airlines only the minimum amount of data necessary to make effective matches against those lists."

  • Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity Hearing: "Improving Pre-Screening of Aviation Passengers" Against Terrorist and Other Watch Lists," June 29, 2005. Link to panel of witnesses and their respective testimony.

  • Related postings in Secure Flight
  • June 27, 2005
    * Italian Lawyers Group Embraces Open Source Software for Document Management

    NewsForge has a detailed and very interesting posting on how a group of Italian attorneys have formed a consortium to facilitate the distribution of, and training programs about how to efficiently use open source applications for a range of document management applications as well as e-filing of court documents.

    June 16, 2005
    * Will ISPs Be Required to Retain Customer Data for Gov't Review?

    According to an article today by Declan McCullagh, the DOJ is reviewing the implementation of "data retention rules that could permit police to obtain records of e-mail, browsing or chat-room activity months after ISPs ordinarily would have deleted the logs--if they were ever kept in the first place."

    * Questions About Costs of Sarbanes-Oxley Compliance

    The WSJ free content today includes this article, How Much Is It Really Costing To Comply With Sarbanes-Oxley?, that cites a range of reports, surveys and statistics offering contradictory estimates on actual corporate compliance costs.

  • Related reference, from AEI-Brookings Joint Center, this 76 page report (PDF): Economic Consequences of the Sarbanes-Oxley Act of 2002
  • June 03, 2005
    * HHS Releases Report on Nationwide Health Information Exchange

    Largest Compilation of Private-Sector Comments on Nationwide Interoperable Health Information Exchange to Date: "The U.S. Department of Health and Human Services today released a report summarizing over 500 responses from individuals and private industry on interoperable health information exchange. The report, Summary of Nationwide Health Information Network Request for Information Responses, is a compilation of responses to a request for information (RFI) that sought input from the public on how to move forward on the development and adoption of a nationwide health information exchange."

  • Summary of Nationwide Health Information Network Request for Information Responses (80 pages, PDF

  • Related references on Nationwide Interoperable Health Information Network

  • May 25, 2005
    * Montana State Agencies Failed to Delete Sensitive Data From Discarded Hard Drives

    AP reported that an audit revealed Montana state agencies failed to scrub the hard drives of state computers containing personal data (including social security numbers, income tax reports and medical records) prior to donating, selling and otherwise transferring their ownership.

  • Related reference: Critical Importance of Cleaning Hard Drives When Replacing Your PC
  • May 19, 2005
    * SEC Issues New Sarbanes Oxley Compliance Guidelines

    Division of Corporation Finance, Office of the Chief Accountant, U.S. Securities and Exchange Commission, May 16, 2005 - Staff Statement on Management's Report on Internal Control Over Financial Reporting:

  • "The staff is providing this guidance to...addresses the following areas: The purpose of internal control over financial reporting; Reasonable assurance, risk-based approach, and scope of testing and assessment; Evaluating internal control deficiencies; Disclosures about material weaknesses; Information technology issues; Communications with auditors; and Issues related to small business and foreign private issuers."

  • May 18, 2005
    * Survey Indicates Increased Use of Employee Monitoring Practices

    2005 Electronic Monitoring & Surveillance Survey: Many Companies Monitoring, Recording, Videotaping—and Firing—Employees

  • "From computer monitoring and telephone taping to video surveillance and GPS satellite tracking, employers are using policy and technology to manage productivity and protect resources. To motivate employee compliance, companies increasingly are putting teeth in technology policies. Fully 26% have fired workers for misusing the Internet. Another 25% have terminated employees for e-mail misuse. And 6% have fired employees for misusing office telephones."


  • Related reference:
  • From the WSJ free features: Monitoring of Workers Is Boss's Right but Why Not Include Top Brass?

  • May 11, 2005
    * Significant Hurdles Stymie Rollout of Terror Watch List

    The Terror Watch List, under development for several years, has been plagued by set-backs; administrative, technical and political in nature. This BusinessWeek.com article reviews the origins of the system, the technology hurdles encountered during the course of its development, and the plans for its completion.

  • See also Airline screening program panned by House appropriators
  • May 10, 2005
    * Commentary on Ramifications of REAL ID Act

    REAL ID: "The United States is getting a national ID card. The REAL ID Act (text of the bill and the Congressional Research Services analysis of the bill) establishes uniform standards for state driver's licenses, effectively creating a national ID card. It's a bad idea, and is going to make us all less safe. It's also very expensive. And it's all happening without any serious debate in Congress."

  • See also Senator Slams New Driver's License Rules and 'Real ID' Under Fire

  • May 09, 2005
    * GPO and LC Confront Challenges to Web Docs Preservation Efforts

    From Federal Computer Week, this article reviews the challenges of digital preservation programs initiated by LC and GPO. The agencies are seeking technology solutions that harvest data on government documents to fulfill directives to digitize collections, archives and websites. Challenges to these initiatives include copyright issues, vast deep web document repositories, and the tremendous scope of data involved.

  • See also Library of Congress and National Science Foundation Announce Research Awards of $3 Million To Advance Digital Preservation
  • May 04, 2005
    * Hearing on Assessing Data Security

    Committee on Financial Services hearing entitled "Assessing Data Security: Preventing Breaches and Protecting Sensitive Information," May 04, 2005.

  • Opening Statement of Chairman Michael G. Oxley

  • Opening Statement of Representative Paul E. Gillmor

  • Prepared Testimony: Ms. Barbara Desoer, Global Technology, Service & Fulfillment Executive, Bank of America; Mr. Eugene Foley, President & CEO, Harvard University Employees Credit Union; Mr. Don McGuffey, Senior Vice President for Data Acquisition and Strategy, ChoicePoint; Mr. Kurt P. Sanford, President & CEO, U.S. Corporate & Federal Government Markets, LexisNexis; Mr. Bestor Ward, President, Safe Archives-Safe Shredding, LLC


  • Related reference:
  • Industry says no need for more privacy laws

  • May 02, 2005
    * Backup Tapes With Personal Data on More Than Half Million Employees...Lost?

    Information on 600,000 current, former Time Warner workers missing

    April 28, 2005
    * National Archivist Testifies on NARA's E-Records Programs

    Press Release, April 26, 2005, National Archivist Testified Before Congress on '06 Budget Request: "In his testimony, the Archivist focused on four areas in particular that are of major importance to the National Archives and Records Administration: The Electronic Records Archives (ERA), the Nixon Library, the National Archives Experience, and the issue of document security.

    April 19, 2005
    * Courts Make Progress in Implementing E-Case Management Systems

    From the Federal Judiciary Newsroom today: "Implementation of the federal judiciary's Case Management and Electronic Case Files (CM/ECF) system continues in appellate, district and bankruptcy courts across the country. The new system provides courts with the option to have case file documents in electronic form, and to accept filings over the Internet. Details.

    April 08, 2005
    * Significant Rise in Classification of Gov't Docs Focus of New Reports

    Data on the classification of government documents, compiled by the National Records and Archives Administration's Information Security Oversight Office, is available in the 2004 Report to the President:

  • "This report provides information on the status of the security classification program as required by Executive Order 12958, as amended, "Classified National Security Information.” It includes statistics and analysis concerning components of the system, primarily classification, declassification, and the ISOO inspection program. It also contains information with respect to industrial security in the private sector as required by Executive Order 12829, as amended, "National Industrial Security Program."

  • Related report - The Federal Government Keeps More Secrets for Longer, New Data Shows: "The federal government set a new record for keeping secrets in 2004, during which government employees chose to classify information a record 15.6 million times, according to new government figures released this week and highlighted in an update to OpenTheGovernment.org's Secrecy Report Card" (4 pages, PDF).
  • April 07, 2005
    * Searches and Seizures in a Digital World

    Searches and Seizures in a Digital World, by Orin S. Kerr, forthcoming in Harvard Law Review, Vol. 119, 2006.

  • "This article offers a normative framework for applying the Fourth Amendment to searches of computer data. It begins by exploring the basic differences between physical searches of physical property and electronic searches of digital evidence. It then proposes an exposure theory of Fourth Amendment searches: any exposure of data to an output device such as a monitor should be a search of that data, and only that data...In the final section, the article proposes a rethinking of the plain view exception in computer searches to reflect the new dynamic of digital evidence investigations."
  • April 06, 2005
    * Gov't Proceeds With Plans to Mine Personal Data on Students

    A follow-up to my previous posting, Federal Gov't Wants To Mine College and University Student Data, is this recently released report: Feasibility of a Student Unit Record System Within the Integrated Postsecondary Education Data System (168 pages, PDF)

  • "This report describes the feasibility of collecting individual enrollment and financial aid information for each student in postsecondary education. NCES held three public meetings with key stakeholders from institutions, states and other interested parties to get feedback on such issues as burden, cost, and privacy, and to solicit information on other technical aspects of developing such a unit record system."

  • March 21, 2005
    * CDC Study Indicates Country Lags on E-Health Records

    Press release: New Study Shows Limited Use of Electronic Medical Records: "Less than a third of the nation's hospital emergency and outpatient departments use electronic medical records, and even fewer doctors’ offices do, according to a report released today by the Centers for Disease Control and Prevention (CDC)...The use of electronic records in health care lags far behind the computerization of information in other sectors of the economy. In health care, billing applications were the first to be computerized. Electronic billing systems are used in three-quarters of physician office practices, but computerization of clinical records has been much slower."

  • Use of Computerized Clinical Support Systems in Medical Settings: United States, 2001-2003 (9 pages, PDF)

  • PC Forum: Healthcare and IT clash by ZDNet's Dan Farber -- "Healthcare panel at PC Forum dealt with the of challenges using IT as a cure for what ails the system."

  • March 15, 2005
    * Digitizing Health Records One Person At A Time

    This Washington Post (reg. req'd) article reviews how individuals are using fee-based services that digitize their personal medical records as a way to manage uniform access to them in the event of medical emergencies and to facilitate the process of diagnostic evaluations. This may forecast a near term future of non-standard applications that fill the gap before the implementation of the National Health Information Network (NHIN).

  • Websites referenced in the article include WebMD, FollowMe, CapMed, Vital Vault and Laxor

  • From a Harris Poll conducted last summer on family health records: "At the moment, only a small minority (13%) of those with health records keep them electronically but many people—40% of all those who do not have electronic medical records—think it at least somewhat likely that they will do so."

  • March 11, 2005
    * Medical Record Privacy Breach Controversy Involving Blog

    140 Kaiser patients' private data put online:
    "In a troubling episode involving medical privacy in the digital age, Kaiser Permanente is notifying 140 patients that a disgruntled former employee posted confidential information about them on her Weblog."

    * FTC Testimony on Data Security and Identity Theft

    "The Federal Trade Commission testified...before the U.S. Senate Committee on Banking, Housing, and Urban Affairs about the reach of existing federal laws that require certain information providers to safeguard sensitive information and to ensure that the information doesn’t fall into the wrong hands. The Senate Banking Committee is examining recent developments involving the security of sensitive consumer information." [Link]

  • Prepared Statement of the Federal Trade Commission On Identity Theft: Recent Developments Involving the Security of Sensitive Consumer Information, Presented by Chairman Deborah Platt Majoras Before the Committee on Banking, Housing, and Urban Affairs of the United States Senate (March 10, 2005)."


  • Related references:
  • Link to the hearing and text (PDF) of other witness testimony.

  • FTC chief wants ChoicePoint regulated

  • March 07, 2005
    * Increase in Phishing Attacks Spurs Interest in Security Technology

    From the Washington Post, New Industry Helping Banks Fight Back - Sleuths Hit Online Identity Thieves With 'Takedowns,' 'Poisoning'. A patch-work of emerging technology applications are available targeted to financial services and e-commerce, seeking to address growing consumer concerns with e-mail and website fraud. This article reviews the challenges posed by phishing and the possibility that there may be federal regulations down the road.

    Related references:

  • Phishers Use Wildcard DNS to Build Convincing Bait URLs

  • On EBay, E-Mail Phishers Find a Well-Stocked Pond
  • February 28, 2005
    * How-To-Guide on Opting-Out Your Personal Data Listing from Websites and Subscription Services

    From the Privacy Rights Clearinghouse, this February 2005 update to their guide, Online Data Brokers: How Consumers Can Opt Out of Directory Assistance and Non-public Information, includes a chart detailing the specific procedure required by 17 free and fee-based websites and services which aggregate and provide access to a range of personal data. Take some time and review the information that these sites maintain on you, and be aware that they do not comprise all available online sources. Also note that unlike the Do-Not-Call Registry, opting out of these websites is not a one time request. As the database content is refreshed throughout the year, ensuring that your information is permanently removed may be an insurmountable challenge.

    February 24, 2005
    * Privacy and E-Health Records

    Press release: "U.S. adults are divided right down the middle on whether the potential privacy risks associated with a patient electronic medical record system outweigh the expected benefits to patients and society, according to Dr. Alan F. Westin, Professor of Public Law & Government Emeritus, Columbia University and Director of a new Program on Information Technology, Health Records & Privacy at Privacy & American Business (P&AB)."

    Related references:

  • Dr. Alan Westin's February 23, 2005 testimony (PDF) before HHS's National Committee on Vital and Health Statistics Subcommittee on Privacy and Confidentiality at the Hearings on Privacy and Health Information Technology.

  • How the Public Views Health Privacy: Survey Findings from 1978 to 2005 (PDF)

  • February 21, 2005
    * Credit Freezes Proposed Deterent to ID Theft

    By Chris Jay Hoofnagle, associate director of the Electronic Privacy Information Center, Putting Identity Theft on Ice: Freezing Credit Reports to Prevent Lending to Impostors.

  • "This article argues that the third actor, credit granting institutions, are culpable for a large number of identity theft cases. Institutions enable identity theft by maintaining lax credit granting practices, ones that make it easy for impostors to get credit in victims' names...This article proposes a fix to address lax credit granting practices."

  • Related references on ID theft
  • * ID Theft Scam Has Victims in 50 States and DC

  • From the Washington Post, ID Theft Scam Hits D.C. Area Residents

  • From ChoicePoint: Update on Identity Fraud Notification, 02/21/2005. This announcement includes a chart with a state-by-state accounting of the current number of victims of this scam, addresses the company's plan to participate in the investigation of the fraud, and its plans to "guard against future fraud."

  • Commentary posted today on the Washington Monthly.

  • Commentary, Copying California Law Isn't Enough to Stop the Next ChoicePoint


  • * Push is on to Digitize Health Records

    Health Industry Under Pressure to Computerize: "The federal government has delivered a warning to the health care industry: move into the computer age or the government will probably impose a solution."

    Related resources:

  • Panel: Cultural Shift Needed to Make Health Data Valuable

  • Better medicine without paper
  • January 31, 2005
    * Electronic Evidence Increasingly Important in Trials

    The proliferation of PCs, digital cameras, cell phones and other electronic data collection and distribution gadgets has resulted in the increased importance of digital evidence in a range of cases outside the scope of those that involve cybercrimes such as ID theft and fraud.

    January 25, 2005
    * NARA Guidance on Managing Web Records

    "Web site operations are an integral part of an agency's program. Managing web records properly is essential to effective web site operations, especially the mitigation of the risks an agency faces by using the web to carry out agency business. This guidance will assist agency officials in this regard, including agency program staff, webmasters, IT staff, and other agency officials who have a role in web site management and administration." [Link]

    January 24, 2005
    * Digital Medical Records Offer Benefits and Risks

    From Business Week, Between You, The Doctor, And The PC - "More physicians and hospitals are putting their medical records online." As the digitization of health care records steadily increases, there are consequences for physicians and patients alike. As diagnositic data and patient health records are made available online via hospital intranets, they are vulnerable to hackers, and security and privacy concerns increase. [thanks Lois]

    January 11, 2005
    * Free Yahoo! Desktop Search Beta

    Yahoo! Desktop Search joins the party alongside similar software recently released by Google, Ask Jeeves, and Microsoft. Details about the features of Yahoo Desktop search are discussed in this FAQ, and PC Magazine weighs in with a positive review, as does Chris Sherman at Search Engine Watch.

    December 20, 2004
    * Recommendations For Recently Launched Law-Related Websites

    Robert J. Ambrogi highlights 13 websites, launched this past year, that merit your review, including an online legal bookstore, an e-discovery resource, a new meta-search engine, and a collection of historical documents on the civil rights movement.

    December 15, 2004
    * Proposed E-Discovery Rules Generate Controversy and Merit Scrutiny

    This Business Week article discusses the potential consequences of new rules on electronic discovery and records retention under consideration by the Committee on Rules of Practice and Procedure of the Judicial Conference of the United States. These rules will have a significant impact on corporations in every sector. Particularly controversial is the proposed "safe harbor" provision that would exempt companies from sanctions if e-records were destroyed as the result of routine IT operations.

    December 07, 2004
    * Massachusetts Pioneers E-Health Records Initiative

    Massachusetts e-Health Collaborative MeHC Incorporated 2004 (11 pages, PDF);

  • "The Mission of the Collaborative is to improve the safety, cost effectiveness, and quality of health care in Massachusetts through the promotion of widespread implementation and use of electronic clinical information systems, including electronic medical records, medical decision support, and clinical data exchange capabilities."

  • See also Electronic health records spread, from FCW.com.


  • December 02, 2004
    * Employee Productivity Undermined by Tech Scrutiny According to New Report

    A new white paper by Dr. Carsten Sørensen of the London School of Economics (in conjunction with Microsoft UK), titled The Future Role of Trust in Work - The Key Success Factor for Mobile Productivity. According to InfoWorld, the report indicates "that managers are using technologies such as e-mail, mobile phones, and SMS (Short Messaging Service) to keep tabs on employees when in actuality they are reducing workers' productivity and the amount of time that they spend serving customers."

  • Update: See the PDF text (39 pages) of the report, 21st Century Workers Facing 'Big Brother' Business Threat"

  • November 22, 2004
    * Plans Take Shape for E-Health Records

    From the New York Times, this article reviews the challenges involved in work underway by NIH, industry and providers to coordinate and implement a digital health network.

    November 21, 2004
    * A Practical Guide to E-Discovery

    Eight Simple Steps for Doing Effective E-Discovery, By Dennis Kennedy and George Socha, November 2004.

    November 05, 2004
    * Electronic Access to Criminal Case Files

    "Beginning November 1, 2004, all criminal case file documents available to the public at a courthouse also will be available remotely through the court's electronic access system." [Link]

    November 03, 2004
    * Proposed Rule to Dispose of Gov't E-mail Without Paper Trail

    Proposed rule, National Archives and Records Administration (NARA), Federal Register, November 3, 2004:

  • "As part of NARA's Records Management Initiatives to redesign Federal records management, NARA has determined that Federal agencies should be allowed to dispose of short-term temporary electronic mail (e-mail) record (e.g., those with a retention period of 90, 120, or 180 days), without requiring the creation of a separate paper or electronic recordkeeping copy."

  • Related resource: A Report to the Interagency Committee on Government Information: Recommendations for the Effective Management of Government Information on the Internet and Other Electronic Records, by the Electronic Records Policy Working Group, October 20, 2004 (25 pages, PDF).
  • October 26, 2004
    * Facts About the Check Clearing Act Effective October 28

    "On October 28, 2004, the Check 21 law (the Check Clearing Act for the 21st Century Act) will take effect. This new law allows banks to replace original paper checks with "substitute checks" that are made from digital copies of the originals. Learn about your rights under Check 21 at:
    http://www.federalreserve.gov/paymentsystems/truncation/faqs.htm"

    October 22, 2004
    * HHS Pushes Migration to E-Records

    Adoption of e-record technology in the medical community has been a slow process, despite the availability of free hardware and software to faciliate the migration, according to this FCW article. Related Resources as follows:

  • Strategic Framework: The Decade of Health Information Technology: Delivering Consumer-centric and Information-rich Health Care.

  • Statement of David Brailer, M.D., Ph.D., National Health Information Technology Coordinator, U.S. Department of Health and Human Services, Testimony Before the Subcommittee on Health of the House Committee on Ways and Means, June 17, 2004.
  • October 06, 2004
    * Formation of Gov't Commission on Health IT Standards

    "The CIO of the Cleveland Clinic Foundation is among the health-industry executives named to an 11-member federal commission to help the nation develop and implement health-IT standards that will serve as the foundation for establishing a system for universal electronic health records." [Link]

  • Reference: House Rpt. 108-391 - Medicare Prescription Drug, Improvement, and Modernization Act of 2003 - SEC. 1012. Commission on Systemic Interoperability....(b) Duties - (1) In General - The Commission shall develop a comprehensive strategy for the adoption and implementation of health care information technology standards, that includes a timeline and prioritization for such adoption and implementation.
  • October 05, 2004
    * The Challenges of Digitizing Government Records Management

    NARA prepares for a new era in records management

  • This article provides insight into, and factual data about, the huge challenge and the technology associated with the development and implementation, by the National Archives, of a new online system to manage and make accessible billions of government agency records.
  • October 04, 2004
    * First State Gov't Digital Archives Launched by Washington State

    From the website: "The much-anticipated grand opening of America's first state government digital archives occurred on October 4, 2004...The Washington State Digital Archives is the nation's first archives dedicated specifically to the preservation of electronic records from both State and Local agencies that have permanent legal, fiscal or historical value."

  • Three search features are available to users: Simple Search, Detailed Search, and Advanced Search.
  • * DHS OIG Assessment on Terror Watch List

    Department of Home Security, Office of Inspector General, Office of Technology report: DHS Challenges in Consolidating Terrorist Watch List Information (54 pages, PDF, redacted).

  • "DHS is not playing a lead role in consolidating terrorist watch list information...DHS offcials said that the new department lacked the resources and infrastructure to assume leadership for the consolidation...Effective use of information technology (IT) is fundamental for the federal government to accomplish its counterterrorism mission. For example, compiling automated data on potential or known terrorists to check against the names of foreigners entering or already present in the U. S. is one critical means of protecting the homeland."

  • For reference, see the December 2, 2003 Markle Foundation Task Force on National Security in the Information Age report, Creating a Trusted Network for Homeland Security (173 pages, PDF)
  • October 01, 2004
    * Commentary on Proposed E-Discovery Rules

    See this article by Anita Ramasastry and my related posting.

    September 09, 2004
    * Proposed Amendments to Federal Rules Include E-Records

    Federal Courts Propose Rules for E-Discovery. Related document: Summary of Proposed Amendments to the Federal Rules (PDF) - Aug. 2004.

    September 02, 2004
    * Evolving Practices Support Doctor-Patient E-Mail Communications

    From today's WSJ, via Yahoo ($), this article, The Doctor Is Online: Secure Messaging Boosts the Use of Web Consultations, merits review. It addresses the issues of privacy, consultation fees and insurance coverage associated with secure messaging systems options now available for doctor-patient communications.

  • Related news, Creighton University Medical Center doctors using handheld devices to access patient information.
  • August 26, 2004
    * CA Bill Requires Employee Notification of Email Monitoring

    SB 1841 -- an act to add Section 436 to the Labor Code, relating to electronic monitoring of employees, awaits action by Governor Schwarzenegger.

  • From the press release by bill sponsor Senator Debra Bowen: "SB 1841 requires employers to give employees a one-time written notice if they plan to read e-mail, track Internet use, or use other electronic devices to monitor employees on or off the job. The bill requires employers to explain what will be monitored – for example employee e-mail content or location based on a GPS-chipped cell phone or car – but doesn’t require employers to tell employees each time they're about to read an e-mail or check an employee's whereabouts."
  • * Can Your Office Copier Be Hacked to Access Confidential Documents?

    A brief article in the August 26 Wall Street Journal, page B6, raises important questions concerning the security of confidential corporate documents stored on the hard drives of digital copiers, and potentially accessible by hackers if the drives have separate network addresses. From the article: "If a human resources department uses a digital photocopier to record employees' social security or driver's licenses, "That information is resident on that hard drive," says Edward McLaughlin, president of Sharp Document Solutions. "It is something that every financial institution is all over."

  • For additional information, see this report from Sharp, Document Security and the Digital Copier and Printer.
  • August 25, 2004
    * Trial Technology

    Anatomy Of Trial Technology: "Trial technologies are all the buzz for legal technologists, early adopters, vendors, and consultants - but have they made it to the main stream practice of law? This article traces availability and use of trial preparation and presentation software, court technology, and more through the most recent ABA Legal Technology Survey Report volume on Courtroom and Litigation Technology." by Catherine Sanders Reach.

    August 23, 2004
    * Software Removes Metadata Content Trail From Sensitive Documents

    From internetnews.com, this article details an update to software of interest to the legal community which facilitates the removal of sensitive information generated during the collaborative preparation of client related documents.

    August 12, 2004
    * Increased Work for Firms Specializing in Electronic Discovery

    The Surging Evolution of E-Discovery

    August 04, 2004
    * Finalists for Sweeping Electronic Records Archives Project Announced

    August 3, 2004 press release - National Archives Names Two Companies to Design an Electronic Archives

  • "Today, Archivist of the United States John W. Carlin announced the two companies (Lockheed Martin and Harris Corporation) that will lead the way in designing a technological solution to the challenge of preserving electronic information across space and time."
  • June 23, 2004
    * OCC Advisory Letter on Banks and Electronic Records Retention

    OCC Advisory Letter on Electronic Record Keeping, June 21, 2004:

  • "This advisory letter highlights issues regarding bank electronic record systems in light of the E-SIGN Act. 15 USC 7001, et seq. The letter provides a basic framework that bank management can use to assess and address key issues posed by electronic record keeping systems."

  • "...For example, the Act does not ensure admissibility of electronic records in litigation. This is important because the practical effect of having electronic records that are not admissible into evidence in judicial proceedings may be to render the electronic contract or record effectively unenforceable."

  • June 09, 2004
    * Court Upholds Public Right to Access Court Docket Sheets

    From the Reporters Committee for Freedom of the Press, this news of a 2nd Circuit decision (33 pages, PDF) released on June 8, that in part concluded: "We hold that the public and press enjoy a qualified First Amendment right of access to docket sheets. We also hold that the defendant court administrators have the authority to grant access to those docket sheets if the documents were sealed solely in accordance with administrative orders."

    June 07, 2004
    * Baltimore City Gov't Responds to E-Mail Overload

    City to delete its old e-mail: "After 90 days, messages will be gone from system; Public-records questions raised; Workers will have to find and save official material."

    March 12, 2004
    * Significant Corporate Problems With Records Retention

    Press release from AIIM: American Companies Fail To Address Retention of Email and Electronic Records - Survey Finds "e-Records" Policies Non-Existent in Almost Half of Companies [Link]

    "Nearly half of American companies have not adopted records retention policies for email and other electronic documents, despite the serious issues raised about corporate records keeping over the past two years.

    In a new survey of 2,200 records managers, 47 percent said their company does not include electronic records in its retention and destruction schedules. Nearly 6 in 10 companies (59 percent) reported having no formal policy concerning the retention of emails.

    Even more disturbing, 46 percent of companies reported having no system for placing holds on records in the event of pending litigation or a regulatory investigation leaving open the possibility that records critical to a legal matter could be destroyed. Moreover, 65 percent said their company's hold order policy, if one existed, did not include electronic records."

  • Electronic Records Management Survey: A Call To Action by AIIM and ARMA International: Executive Summary; Full-text of survey results require user registration.

  • February 10, 2004
    * E-Discovery Blog

    Alextronic Discovery: "An Electronic Discovery Blog covering news, articles and thoughts for the legal and corporate community," by Alex Lubarsky. The first posting was 11/09/03. (thanks Ben)

    February 09, 2004
    * Microsoft Word Hidden Data, E-Records and Privacy

    Microsoft issued a download for Office 2003/XP to allow users to"permanently remove hidden data and collaboration data, such as change tracking and comments, from Microsoft Word, Microsoft Excel, and Microsoft PowerPoint files." An important issue in itself, made even more relevant when considered alongside this article by Preston Gralla, published yesterday, about the creation of a purportedly "high-level [UK] intelligence dossier about Iraq" discovered to be "little more than a cut-and-paste job" constructed in Word.

    January 26, 2004
    * Guidance on Record Retention

    From the January 2004 issue of Law Practice Today: Electronic Document Retention Policies (And Why Your Clients Need Them).

    January 15, 2004
    December 16, 2003
    * New Guide to Electronic Discovery

    Electronic Discovery and Evidence by Michael R. Arkfeld, with eight chapters on topics that include: the creation and storage of electronic information, Computer Forensics, Experts and Service Bureaus, Discovery and Production Process, and Court Procedural Rules and Case Law.

  • See also Raves for Two New EDD Books

  • November 04, 2003
    * USPTO Expands Electronic Filing Services for Trademark Disputes

    "The Trademark Trial and Appeal Board (TTAB) of the U.S. Department of Commerce's United States Patent and Trademark Office (USPTO) has expanded the options for electronically filing documents in trademark disputes. Using the Electronic System for Trademark Trials and Appeals (ESTTA) system, parties to a dispute now can file more documents electronically with the TTAB, including requests for extension of time to oppose and notices of opposition. Parties also can use ESTTA to file motions and other documents in inter-partes cases." [Link]

    October 17, 2003
    * Microsoft and USPS Partner on Postmark App

    From the USPS:

  • "Just click the USPS EPM icon in the Microsoft Word toolbar, apply a USPS EPM to your document (contract, letter, agreement), and sign. This gives your document tamper protection against fraud and the ability to verify document authenticity with a click of the USPS EPM signature block." Free for individual users who have Microsoft Office XP and Office 2003.

  • October 15, 2003
    * Privacy and Court Records

    Chris Jay Hoofnagle, EPIC Deputy Counsel, will present the following paper, Public Records and Privacy (pdf), to the National Conference of Bankruptcy Judges 77th Annual Meeting on October 17. He examines the rights and responsibilities of data collectors and data subjects in the evolving system of online public records.

    October 13, 2003
    * Wired District Courts

    AP published a list of the 26 (of the 94) district courts that currently provide electronic filing and case management.

    October 10, 2003
    * NH Gov't Moves From Paper to E-Records

    This press release from New Hampshire Governor Craig Benson announces the implementation of E-Library Services, which will "enable viewing all agency reports that are generated by the State’s budget, financial and human resource computer systems. All such reports will be viewable in a web-browser by authorized users. The e-Info Library Services will be an official State Archive repository, no longer requiring agencies to archive their own paper copies."

    October 06, 2003
    * Enterprise-Wide ID Management

  • "As applications and users multiply, companies are turning to ID management software to improve access to applications, password management and the provisioning of resources.
  • [Link]

    September 17, 2003
    * Law Firm Technology Survey

    The Eighth Annual AmLaw Tech Survey, September 2003. Survey results were compiled from responses provided by 137 law firms, and address the following categories: document management, docketing & calendaring, spam defense, litigation support, and electronic evidence vendors. Additional information on expenditures related to hardware, software and IT related personnel is provided in another survey titled The Basics. Note that the average law firm technology budget for 2003 is almost $9 million. See also this article from which the survey results are linked: The Client Comes First.

    September 10, 2003
    * Managing Electronic Evidence

    From the September 2003 issue of ABA Law Practice Today, Electronic Discovery: The Top 10 Challenges and Solutions.

    * Are E-Books Still Viable, or is Amazon Preparing an Alternative?

    BarnesandNoble.com is no longer selling e-books, according to this posting on their website. However, a New York Times article by David D. Kirkpatrick, discusses the mid-September launch by Amazon.com of "a searchable online archive with the texts of tens of thousands of books of nonfiction, according to several publishing executives involved." This program is called Look Inside the Book II.

  • For an update, see this September 14 Reuters article, which states, "For now, e-books are an afterthought in the publishing world. Less than 500,000 electronic books were sold in the United States in 2002, compared with more than 1.5 billion printed books, estimates research firm Ipsos-Insight in Chicago," and for reference, this May 29 AP article, E-books down...at BookExpo America
  • September 09, 2003
    * Digital Archiving Program Based on PDF

    A committee of the Society of American Archivists, in conjunction with various associations representing imaging services providers, are evaluating new standards for a modified form of PDF, called PDF-A (for Portable Document Format Archive), which they propose as an option for the long-term storage of electronic documents.

    September 04, 2003
    * Database Vendor Eliminates Personal Data on Mexican Citizens

    AP reported that commercial online public records provider ChoicePoint has eliminated its database of "personal information of 65 million voting-age Mexican citizens" following a controvery surrounding the means by which this information was obtained. The company has a contract with the Dept. of Justice, which uses the system for activities associated with homeland security.

  • See also this April 30, 2003 article, "Mexican data acquired by ChoicePoint included more details than originally suspected."
  • September 03, 2003
    * Digital Document Preservation: Remember Microfiche - Well Its Back!

    Marketplace response to the challenges of preserving digital documents appears to be incorporating a "back to the future" perspective according to this recent article, Upgrade and Archive: The Ongoing Threat of Data Extinction. The continual push to digitize documents into virtual libraries must be balanced against the critical issues associated with the lifespan of hardware and software. Digital libraries are subject to obsolescence long before print materials and their analog counterparts. For this reason, many librarians have long maintained microfiche and/or microfilm collections, which it is now apparent, reflected sound judgment and considerable foresight.

    August 25, 2003
    * Lifespan of CD-RWs Critically Short

    cdfreaks.com reports on a study by the Dutch magazine, PC-Active, involving tests on 30 separate brands of recordable CDs to ascertain whether data and audio tracks saved on the disks was still readable after a 20 month period. The very bad news was that despite marketing indicating data is stable for up to ten years, many brands cannot be read less than two years after they are recorded. (via Slashdot)

    August 18, 2003
    * Researcher Details Security Concerns and Hidden Data in Word Documents Online

    Scalable Exploitation of, and Responses to Information Leakage Through Hidden Data in Published Documents, by Simon Byers, AT&T's Research Labs.

  • Mr. Beyer's research focused on the tools and techniques used to "search for hidden data in Word documents." The use of hidden text is routine in the process of creating documents using Word, so this article is worth reading for its clear and concise directions to protect these "hidden payloads" before documents are posted on the Web.
  • August 06, 2003
    * Dept. of Education Proposed Rule on Student Data Privacy

    From the Federal Register, July 28, 2003:

  • Statute: The Family Educational Rights and Privacy Act FERPA provides that an agency or institution may not have a policy or practice of disclosing personally identifiable information from education records without the "written consent'' of the parent or eligible student, subject to specified exceptions. 20 U.S.C. 1232g(b)(1).

  • Current Regulations: Regulations codified at 34 CFR 99.30 provide that written consent must be "signed and dated'' and must specify the records to be disclosed, the purpose of the disclosure, and the party or class of parties to whom the disclosure may be made.

  • Proposed Regulations: Proposed Sec. 99.30(d) provides general guidelines for educational agencies and institutions that choose to meet the requirements of Sec. 99.30 with records and signatures in electronic format.

  • Reasons: The Department has received numerous inquiries whether some form of electronic consent and signature, including e-mail, satisfies FERPS's written consent requirement.

  • August 04, 2003
    * EPA Held In Contempt for Destroying E-Docs

    U.S. District Judge Royce C. Lamberth last week held the Environmental Protection Agency in contempt for destroying electronic documents in violation of a court order issued as a result of a Freedom of Information Act request. [Link]

  • Landmark Legal Foundation v. EPA, Civil Action No. 00-2338, Opinions issued July 24, 2003 by Judge Royce C. Lamberth, Memorandum Opinion & Order (Contempt); Memorandum Opinion & Order (Summary Judgment)
  • August 01, 2003
    * Preserving Digital Documents

    Storing e-text for centuries describes the LOCKSS (for "lots of copies keep stuff safe") project for permanent publishing on the Web, which is the brainchild of Stanford University librarian Vicky Reich and researcher David Rosenthal.

  • From the LOCKSS website: "LOCKSS creates low-cost, persistent digital "caches" of authoritative versions of http-delivered content. The LOCKSS software enables institutions to locally collect, store, preserve, and archive authorized content thus safeguarding their community's access to that content. The LOCKSS model enforces the publisher's access control systems and, for many publishers, does no harm to their business models."

  • Progress Report as of October 8, 2002, PDF, Digital Library Federation Web Site: Mellon E-Journal Archiving Program.
  • July 17, 2003
    * Even Shredded Documents Are Not Beyond Reconstructing

    Picking Up the Pieces:

  • "People perceive it (the paper shredder) as an almost perfect device," said Jack Brassil, a researcher for Hewlett-Packard who has worked on making shredded documents traceable. If people put a document through a shredder, "they assume that it's fundamentally unrecoverable," he said. "And that's clearly not true."

  • For more detailed documentation, see Jack Brassil's paper, Tracing the Source of a Shredded Document.
  • July 16, 2003
    * Resources on Electronic Discovery

    From Ken Withers, a Research Associate at the Federal Judicial Center, links to a series of presentations and papers on electronic discovery.

  • Selected Case Law and Further Reading

  • Electronic Discovery: What You Need to Know, Association of the Bar of New York City, 29 May 2003 (PowerPoint slides and text)

  • The Sedona Principles, Best Practices, Recommendations and Principles for Addressing Electronic Document Production, (53 pages, pdf), March 2003.

  • Observations on "The Sedona Principles," April 2003.

  • July 08, 2003
    * Challenges of Electronic Documents Preservation

    Electronic Records: Management and Preservation Pose Challenges, by Linda D. Koontz, director, information management, before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Reform. GAO-03-936T, July 8.

  • From the same subcommittee, see also this hearing, Wiring Our National Archives, Federal Electronic Records Management Review, July 8, 2003. "The E-Government Act of 2002 has accelerated the move towards electronic government. As a result, agencies are generating more and more electronic records. This has made the task of electronic records management a high priority."

  • July 02, 2003
    * New Focus on E-Filing and the Courts

    Two new articles on e-filing that address issues of technology standards, e-courts (there are currently 20 accepting such filings), security, and contracting with service providers:

  • E-Filing - Coming to a Court Near You

  • e-Filing and Issues Relating to Electronic Filing Service Providers
  • * USPTO Announces Transition to All Electronic Filings

    From the press release: "The U.S. Department of Commerce’s United States Patent and Trademark Office (USPTO) announced today that effective June 30, 2003, all newly filed patent applications will be converted to electronic applications and processed electronically. Additionally, over the next 15 months, the USPTO will scan more than a half million pending applications into the electronic system." See the final rule in the Federal Register here.

    June 13, 2003
    * The Cost of E-Discovery

    Federal Decision Deals With Who Pays the Costs: Judge Shira Scheindlin's ruling in Zubulake v. UBS Warburg, 02 Civ. 1243, U.S. District Court, Southern District of New York, May 13, 2003, "lists seven factors to test in order to determine which side of a case should pay for electronic discovery."

    June 12, 2003
    * Proposed Standards for Archiving Journal Articles

    According to this article from the Chronicle of Higher Education, the National Library of Medicine has created and published freely available standards, called the Journal Archiving and Interchange Document Type Definition (DTD), for the uniform digital publication and distribution of journal content.

    May 28, 2003
    * Creating E-Records

    Scanning Essentials for Your Office reviews applications, costs and options for creating e-records from text, pictures and images.

    May 15, 2003
    * New E-Filing System for Courts

    Tom O'Connor writes about the release of a new e-filing application that is a joint venture between Microsoft and BearingPoint Inc. (formerly KPMG). The service is currently being tested under contract with the state of Texas, and is based on the open-source LegalXML standard.

    April 10, 2003
    * Enron Loses Request to Shield Documents from Public

    A follow-up to my posting yesterday on FERC's announcement concerning the temporary removal of Enron e-mails from the agency's database: Judge Melinda Harmon, United States District Court, Southern District of Texas, has "rejected Enron's request for a blanket protective order preventing parties from disclosing discovery documents to the public." This information is via the Reporters Committee for Freedom of the Press.

    March 27, 2003
    * USPTO Proposes Electronic Image Management System

    This United States Patent and Trademark Office proposed rulemaking seeks to implement a "beginning-to-end electronic processing of patent applications." The use of paper in the application process will be replaced by an imaging system to scan all documents and produce digital image files.

    March 05, 2003
    * Supreme Court Decisions on Sex Offender Registry and Internet

    Today the Supreme Court ruled in two cases involving Megan's law, one from Connecticut and one from Alaska.

    In Smith et al v. Doe et al, No. 01-729, (PDF - appeal in Doe I v. Otte, 259 F.3d 979, C.A. 9, Alaska, 2001) the court upheld the right of states to use the web to post photos of convicted sex offenders. "Alaska's sex offender registration act requires convicted sex offenders to register with the Alaska Department of Public Safety and makes offender information available to the public. The department elected to publish the information on the Internet."

    In Connecticut Department of Public Safety v. John Doe, 01-1231 (PDF), the court determined that Connecticut's sex offender registry does not deprive offenders of "a liberty interest" nor violate the due process clause. For background on this case, see this National Conference of State Legislatures site.


    See also this Cornell Legal Information Institute webpage that provides separate links to the following HTML documents in Smith v. Doe: Syllabus, Opinion [Kennedy], Concurrence [Thomas], Concurrence [Souter], Dissent [Opinion of Stevens], Dissent [Ginsburg].

    March 04, 2003
    * Inexpensive Options to Create PDF Documents

    This article reviews two applications, RoboPDF 2.0 ($50) and pdfFactory ($50), that offer a low-cost alternative for attorneys currently using Adobe to create database repositories of documents.

    * Law Firm Leverages E-Documents

    From the March 2003 issue of AmLaw Tech, this article on a customized electronic discovery application called Patterns, developed for Preston Gates, is described as "a search engine on steroids."

    February 24, 2003
    * Discovery and Electronic Evidence

    The ABA Law Practice Management Section recently launched a new e-zine, Law Practice Today, that focuses on "law practice marketing, management, technology, and finance." From the February 14 issue, an article by attorney Joseph Kashi, Systematic Discovery and Organization of Electronic Evidence, focuses on how "gaining an early, effective, and systematic approach to your electronic discovery efforts can make or break your case."

    February 14, 2003
    * The Challenges of Archiving E-Court Documents

    This law.com article reviews the two major applications under consideration as standards for electronically archiving court documents: "Portable Document Format (PDF) designed especially for long-term archiving, called PDF-Archive or PDF-A. The second format is Extensible Markup Language (XML)."

    February 05, 2003
    * Court Switches to PDF for Slip Opinions

    The U.S. Court of Appeals for the D.C. Circuit posted the following statement: "As of February 4, 2003, opinions are available as PDF documents to better represent the formatting of the printed slip opinion." Thanks to Donna Cavallini for the link.

    January 30, 2003
    * New York City's Landmark Online Records Bill

    The New York City Council has passed, and sent to Mayor Bloomberg for signature, the first bill of its kind for any city or state, requiring online publication of all city agency reports and publications within ten days of issuance. A prior press release is available here.

    All documents are to be sent in electronic format to the Department of Records and Information Services (DORIS). Thereafter, they will be made available to the public via the My NYC.gov Portal.

    December 24, 2002
    * Financial Data Disappearing From Corporate Websites

    In this article, Companies Are Divided on Providing Online Data, the New York Times examines the growing trend among corporate websites to limit the amount of financial data they make available to investors, who often make corporate sites their first stop when conducting research. While some companies choose to continue to provide a deep archive of financial reports that stretches back to the 1980s (such as Home Depot), many others are limiting the reports they provide to only one or two years, contending there are numerous free and fee-based sources available to obtain such data.

    December 23, 2002
    * Federal Courts in New Jersey Ease Toward E-Filing

    Beginning in 2003, the Federal District Court in New Jersey will switch from using snail-mail in favor of faxing documents to "consenting parties" as they transition to the implementation of an e-filing system, according to this law.com article.

    December 20, 2002
    * SEC E-Filing of Ownership Reports

    On December 18, the SEC proposed: "the mandatory electronic filing of change of beneficial ownership reports required to be filed by officers, directors and principal security holders under Section 16(a) of the Securities Exchange Act of 1934, and Web site posting of such reports by issuers with corporate Web sites."

    * Northern District of Geogia Moves to E-Filing

    The U.S. District Court for the Northern District of Georgia issued Standing Order 02-01, Electronic Access to Public Records and Sensitive Information, on October 17, 2002. The document stipulates that effective January 1, 2003, the court "intends to make electronic access to court files available through PACER by imaging documents into the court's computer system."

    December 11, 2002
    * Patent Office Works on Transition to E-Records

    As I reported in November, the USPTO has undertaken an ambitious plan to transition to a paperless public access system. However, this new agency announcement indicates that there is now a greater understanding of the tremendous challenges inherent in this project, and the need to ensure that paper copies continue to be available to prevent a data gap.

    December 04, 2002
    * Southern District of NY to Initiate E-Filing

    The U.S. District Court, Southern District of New York, issued a press release on December 2 stating its plan to implement a new e-filing and case management system in February 2003.

    November 14, 2002
    * CA Law on Computer Database Hacking

    The California state government learned the hard way the repercussions of not acting swiftly to respond to, secure and disclose that employee personal data was comprised by a wide scale database hacking operation in April 2002. Fast forward, and their legislature is now the first in the country to pass a law to prevent the fall-out of such future attacks. Their action comes in the form of passage of SB 1386, effective July 1, 2003. It requires that "a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person."

    November 13, 2002
    * Document Management After Enron

    This interesting commentary reviews the requirement for documents management in the post-Enron and Sarbanes-Oxley Act corporate environment. Destroying corporate documents, via shredding or other "digital" means can be a criminal act, so increased attention is warranted to how internal documents are stored, shared and deleted.

    October 02, 2002
    * New Guidance from Archives on Email and Attachments

    The U.S. National Archives and Records Administration (NARA) issued a guidance detailing the procedures necessary for the transfer of email messages and attachments to the agency.

    September 12, 2002
    August 31, 2002
    * "Prototype for a Universal Virtual Computer"

    According to this New York Times article, Dr. Raymond Lorie, Research Fellow at the IBM Almaden Research Center, has been testing a program to preserve digital documents so that they can be read decades into the future, despite the obvious obstacles of the evolution of hardware and software. A paper he wrote on the topic, titled A Project on Preservation of Digital Data, describes the program as follows: "For data archiving, we propose to save a program P that can extract the data from the bit stream and return it to the caller in an understandable way, so that it may be exported to a new system. The program P is written for a Universal Virtual Computer (UVC). All that is needed in the future for executing P is an interpreter of the UVC instructions. The execution of P in the future will return the data with additional information, according to the metadata (which is also archived)."

    For more context and other perspectives on this important issue, see Richard Wiggins' article, Digital Preservation: Paradox & Promise (from the Library Journal, 4/15/2001, reg. req.) Richard also recommends an excellent resource from the National Library of Australia: PADI, Preserving Access to Digital Information. Here you will find links to topical articles, organizations and web sites, policies, strategies and guidelines, projects and cases, and related journals and newsletters.

    August 19, 2002
    * National Archives Wants to Archive E-Records

    NARA is facing the daunting task of archiving millions of electronic records for public access, many of which were created using formats that are now obsolete.