Cover Your Assets

C-Level Guide to Covering Your Information Assets

The management and protection of information assets increasingly represent both the greatest potential value and the greatest risk to the enterprise. Big Data and analytics are now being leveraged by companies well beyond Amazon, Facebook, Uber and Google. Beginning with the Enron scandal and the advent of penalties (civil and criminal) for the improper destruction of electronically stored information (ESI), the existential risk from the disclosure of corporate mistakes or malfeasance through investigation, litigation discovery, or hacking has increased on pace with the explosion of digital data. The reputational damage to Target, Sony, Home Depot and even the U.S. Office of Personnel Management is substantial.

Many organizations now report a literal doubling of stored data each year. The oft-heard antidote that the hardware cost of data storage has decreased over time obscures the reality that the combined hard and soft costs of this explosion are enormous. The exponential growth of new data combined with an ocean of unstructured legacy data can only increase management costs and litigation response costs / risks.

Too much data affects the bottom line in many ways. Multiple surveys report that employees spend excessive time searching for and managing …

Create a Legally Defensible Document Retention / Destruction Policy

My February 2015 NARI Legal Corner guest blog, titled Build a Record You’ll Be Proud Of, addressed the importance of recordkeeping for contractors and provided practical guidelines for creating project records. It showed that the successful management of construction projects requires proper management of a company’s records and other “information assets.” Information asset management should be viewed as a key component of every contractor’s overall risk management program.

The article concluded by recommending that organizations develop and implement a document retention policy and legal retention schedule, which together allow old records to be destroyed in a legally defensible manner. This article describes an approach to managing and retiring (destroying) information assets that is based on industry standards and best practices.

A document retention policy is really a document destruction policy

Information as Assets

Broadly defined, information assets include not only project records, accounting records and official documents but all other information holding any value or representing any risk to the organization. Information assets include anything that is recorded or stored, such as email, instant messaging, voicemail, databases, digital photos or any type of document, whether printed out or not. Assets in the form of Electronically Stored Information (ESI) also include …

Build a Record That You’ll Be Proud Of

The management of construction projects involves the management of information. Frequently, decisions need to be made on the fly, before the written information necessary to document the decision is available. Under time pressure and with no reliable systems in place, project documentation (building a record) is regularly neglected. Unfortunately, a poorly built record can have serious negative legal and financial consequences.

Why Build a Record?

One good measure of the success of a construction project is whether the completed building meets the needs and vision of the owner. Even small projects require a written proposal containing references to plans and specifications. Without good documentation, there is a greatly increased risk that the customer’s vision may not be converted to reality, leading to a dispute. A key attribute of project documentation is the extent to which it enables any given stakeholder (general contractor, subcontractor, designer, supplier, owner, lender, insurer) to protect its own …

Cloudy Laws II – Only 65 Challenges to eDiscovery Forensics in the Cloud

Among the many types of challenges presented by the adoption of cloud computing are those involving computer forensics. Computer forensics can be thought of as the set of tools and techniques that make eDiscovery possible and reliable. It is defined in Wikipedia as “a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media.” The National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) defines cloud computing forensic science more specifically as,

the application of scientific principles, technological practices and derived and proven methods to reconstruct past cloud computing events through identification, collection, preservation, examination, interpretation and reporting of digital evidence

As with other legal evidence, digital evidence is subject to challenge in court. It has to be what it purports to be. Therefore, the accurate identification of the creator, custodian, chain of custody, authenticity and other attributes of digital evidence is essential in any eDiscovery setting. Essentially, a computer forensic investigation must locate and identify “documents” and other information that can be traced to the actions, knowledge and information available to parties and other witnesses involved in a lawsuit, arbitration or investigation.

While a number of technical tools and techniques have been developed to …

Cloudy Laws I – Cloud Computing Security and Legal Challenges

Cloud computing presents innumerable opportunities and brings with it enormous security and legal challenges. While there is no single accepted definition of the “cloud,” the National Institute of Standards and Technology created a reference model in 2011. NIST defined cloud computing by describing its five essential characteristics, three service models, and four deployment models (NIST Special Publication 800-145):

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Essential Characteristics
1. On demand self service
2. Broad network access
3. Resource pooling
4. Rapid elasticity
5. Measured service

Service Models
1. Software as a Service (SaaS)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS)

Deployment Models
1. Private Cloud
2. Community Cloud
3. Public Cloud
4. Hybrid Cloud

NIST Cloud Computing Reference Model

The rapid increase in the availability of cloud computing solutions ranging from Enterprise systems, to Office 365, to the ad hoc use of unencrypted Dropbox accounts, has profound implications for privacy, information security, eDiscovery and legally defensible document retention policies. Hardly a …

Smile – Caught on RRP Camera

EPA Crowdsourcing lead paint enforcement in New England

Crowdsourcing: The practice of outsourcing a job or task that is traditionally performed by employees or a contracted company to a non-organized, usually large group of people, generally in the form of an open call or competition.

Note to self: Don’t break law in plain sight of your competition

Late last year, I found a long version of a YouTube video showing two men dry-sanding a residence in Rockland, Maine. The video was shaky and amateurish but had a series of captions describing a fairly complete list of alleged violations of the EPA’s new RRP Rule, which mandates lead-safe paint removal practices on pre-1978 housing. I was searching for photos while updating a PowerPoint presentation on the Legal Aspects of the EPA Lead-Based Paint Renovation, Repair & Painting (RRP) Rule. I showed it to a group of contractors at my next seminar and …

BIM Coordination Dispute

Building Information Modeling Litigation

Architectural Record reports that XL Insurance recently settled a messy case arising out of the use of Building Information Modeling (BIM) to design and construct a life sciences building at a major university. XL representatives would not name the parties involved but commented on the dispute to make people aware of the risks of BIM.

The dispute centers on the lack of communication between the designers of the BIM model and the subcontractors actually responsible for performing the work – in this case the MEP contractor. The BIM model’s tolerances for spacing in the plenum were very tight but the nature of the restriction was not communicated properly to the MEP contractor. After the mechanicals were about 70% complete using normal sequencing, it dawned on everyone that they were out of space. Apparently, the design team did not communicate to the contractor that the very tight tolerances could only be achieved through a specific sequencing. The contractor sued the owner, the owner sued the architect, XL provides insurance to the design industry and so it brought in the MEP contractor.

BIM Too Complicated for a Jury?

The article reports that the resolution of the dispute was expensive …

LocationGate – Where in the World Was Waldo?

Just look at his iPhone data

Apparently I am not the only person troubled by the 2011 revelation that Google and Apple collect location data from smart phones. Mike Elgan wrote a thoughtful piece for Computerworld.

Who owns your location? – Computerworld

The idea of tracking files existing on phones and on the computers used to synch data raises eDiscovery issues as well as obvious privacy and data security concerns. Will employers be tempted to look at the data collected by company issued phones to see if their sales team or delivery drivers were on task? Employers defending discrimination cases are always on the lookout for employee misconduct that would justify termination of employment on non-discriminatory grounds. Did she lie to the boss about that sick day as shown by the trip to the Foxwoods Casino?

Warrantless Searches

A January 2011 decision by the California Supreme Court held that police may make a warrantless search of a person’s cell phone incident to a lawful arrest – in California. In the opinion, the court considers and dismisses the privacy argument:

Regarding the quantitative analysis of defendant and the dissent, the salient point of the high court’s decisions is that a “lawful custodial arrest …

Roofing Snow Jobs – Contractor Door-to-Door Sales

Door-to-Door Sales and the FTC Home Solicitation Sales Act

So a contractor gets a call from a frantic homeowner in Massachusetts. She pleads with the contractor to come out right away and fix something. She says it is an emergency! The CNN “Severe Weather Forecast” predicted more heavy snow and warned that some roofs may need to be shoveled off.

The contractor arrives to check out the situation; there is no real emergency but the owner is plainly motivated to hire the contractor to do building maintenance tasks right away. On the spot, the contractor sees an opportunity to make an easy buck, writes out a contract for $999, the owner happily signs (after all, she thinks it is an emergency), and the contractor gets started right away.

Either not thinking about it or thinking that a) because the cost of the job was under $1,000; or b) because the services were technically not construction services; or c) because the owner said it was an emergency, the contractor did not provide the homeowner with the statutory 3-Day Notice of Cancellation Form. Big Mistake!

Later that day the homeowner pays the $999 in cash and is given a receipt for the work. She …
