Abstract image of a woman sitting on books and studying on a laptop

E-discovery - social media & cloud-dec2011

Download as PPT, PDF
C
cmteti

The document discusses the challenges of managing data on social media and cloud computing platforms for government agencies. It outlines risks around records management, data capture and retention, security and privacy. It emphasizes the importance of governance and an integrated approach across information management disciplines like records management, IT and legal. Effective information management requires clear policies, senior leadership support, and oversight of compliance.

BusinessTechnology
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Maintaining, Preserving & Disposing of Data on Social Media & Cloud Computing Platforms Catherine Teti Managing Director, Knowledge Services Chief Agency Privacy Officer US Government Accountability Office December 1, 2011
Presentation Overview Challenges, issues and requirements that agencies need to be mindful of/address when moving into the cloud or using social media. Value Proposition Risks and Requirements Governance – effective information management and oversight GAO’s Experience Additional References December 1, 2011 Data Management Challenges – Social Media & Cloud Page
Value Proposition What . . . Problem will be solved? Service enhanced? Operational or resource efficiencies realized? Understand your audience/customer base Multiple points of information dissemination (e.g., reposting information to agency web sites) OMB “Guidance for Agency Use of Third-Party Websites and Applications”, M-10-23, June 25, 2010 Provide alternatives to 3d party websites/applications (i.e., public shouldn’t have to join a social media site to access agency information or services) December 1, 2011 Data Management Challenges – Social Media & Cloud Page
Risks and Requirements - Records Is a record required? See Value proposition (why are you doing this in the 1 st place? Evidence of agency policy, decisions, mission Original or repurposed content (is it already captured elsewhere?) Caution: Content vs. medium December 1, 2011 Data Management Challenges – Social Media & Cloud Page
Risks and Requirements – Capture/Retain Capture and retention Preserving data that isn’t “owned” or controlled by your agency - Do you (or should you) care? What if – the cloud vendor goes out of business, the agency changes contractors, you decide to stop using Facebook? Disposing of or destroying data at the end of its retention period (inclusion in terms of service) Does it matter if you can’t dispose of it – i.e., potential lack of control December 1, 2011 Data Management Challenges – Social Media & Cloud Page
Risks and Requirements – Security/Privacy Security Potential for hacking or attacking systems and/or data Privacy – Potential for inappropriate use of personal data What is captured (essential only) ? Why? How is it used? How is it secured? User notification – collection and use See also OMB M-10-23 requirements for privacy impact assessments Agency privacy notices December 1, 2011 Data Management Challenges – Social Media & Cloud Page
Federal Agency Information Management Requirements The Paperwork Reduction Act – information collection and responsibilities for the management of information resources The Privacy Act - use of personal information by federal agencies FISMA, the Federal Information Security Management Act - requirements for protecting agency information and systems from misuse FOIA - public access to agency records The Federal Records Act - requires agencies to manage records needed for their operations and have processes to properly dispose of or save (historically significant) records NARA Bulletin 2011-02 - Guidance on Managing Records in Web 2.0/Social Media Platforms December 1, 2011 Data Management Challenges – Social Media & Cloud Page
E-Discovery Requirements Formalized in the amended Federal Rules of Civil Procedures in 2006. All Electronically Stored Information (ESI) stipulated in a subpoena must be preserved as part of a legal hold. Organizations must be able to preserve and produce all ESI relevant to a discovery order. Organizations’ inability to search for and locate relevant information is causing significant risk. Costs for e-discovery are continuing to skyrocket for organizations without proper information management. December 1, 2011 Data Management Challenges – Social Media & Cloud Page
Governance – The Key to Effective Information Management and Oversight Different information – and mission - disciplines working together for an integrated approach: Records Management Information Security Information Technology Legal Privacy Business owner(s) Realigning and re-engineering stove-piped management processes to create integrated and coordinated approaches to managing information across the information life cycle Oversight – capture/custodianship Guidance – Who speaks for the agency December 1, 2011 Data Management Challenges – Social Media & Cloud Page
GAO’s Key Requirements for Effective IM Business Purpose Align management with GAO business processes to meet mission objectives Organizational Commitment Ensure executive sponsorship and stakeholder buy-in Governance Clearly define policy and requirements Recognize constraints and limitations Strive for user engagement and senior executive sponsorship Information governance alliance among IT, records, legal, information security, privacy, public affairs, business owners Oversight Performance measures and accountability December 1, 2011 Data Management Challenges – Social Media & Cloud Page
GAO’s (Adaptive) Use of Social Media Tools Information Dissemination Twitter (RSS feeds) YouTube Podcasts Facebook Flickr Information Sharing Wiki (internal) All records are managed according to GAO IM policies December 1, 2011 Data Management Challenges – Social Media & Cloud Page
An Effective IM Program An effective IM program allows GAO to: Retrieve: Easily retrieve relevant information in a timely fashion Access: Provide access to information to the right people when it is needed Audit: Able to identify anomalies and ensure compliance with all applicable rules and regulations (FRA, FISMA, etc.) Dispose: Ability to dispose of information in the normal course of business when it is no longer needed in accordance with GAO’s retention and disposition policy December 1, 2011 Data Management Challenges – Social Media & Cloud Page
GAO’s Disposition Strategy GAO’s records disposition schedule applies to records regardless of format or media. Disposition strategy is comprehensive for all records types (paper, electronic, data sets, and other “stuff”) so it is applied uniformly across all media and formats. Ensures that GAO complies with all requirements, mitigates risk and exposure, saves storage space, is cost-effective, and allows for easier search and retrieval of remaining records. December 1, 2011 Data Management Challenges – Social Media & Cloud Page
GAO Reports on Information Management and Social Media GAO-11-605: Social Media: Federal Agencies Need Policies and Procedures for Managing and Protecting Information They Access and Disseminate GAO-10-838T: Information Management: The Challenges of Managing Electronic Records GAO-11-15: NARA: Oversight and Management Improvements Initiated, but More Action Needed GAO-08-536: Privacy: Alternatives Exist for Enhancing Protection of Personally Identifiable Information GAO-10-537T: Freedom of Information Act:  Requirements and Implementation Continue to Evolve December 1, 2011 Data Management Challenges – Social Media & Cloud Page
Additional References OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications Best Practices Study of Social Media Records Policies, ACT/IAC Collaboration and Transformation (C&T) Shared Interest Group (SIG), March 2011 ( www.actgov.org/SocialMediaRecords ) NARA Bulletin 2011-02, Guidance on Managing Records in Web 2.0/Social Media Platforms, October 20, 2010 December 1, 2011 Data Management Challenges – Social Media & Cloud Page
Questions? Catherine Teti Managing Director, Knowledge Services, Chief Agency Privacy Officer US Government Accountability Office (GAO) [email_address] 202.512.9255 December 1, 2011 Data Management Challenges – Social Media & Cloud Page
December 1, 2011 Data Management Challenges – Social Media & Cloud Page GAO on the Web Web site: http://www.gao.gov/   Contact Chuck Young, Managing Director, Public Affairs, [email_address] (202) 512-4800, U.S. Government Accountability Office 441 G Street NW, Room 7149, Washington, D.C. 20548 Copyright This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.

More Related Content

PPT
D R M Evolution 2005 10 19
Amit Maitra
 
PDF
Removing Danger From Data
CloverDX
 
PDF
Privacy & Social Media
chuckbt
 
PDF
Multi-Dimensional Privacy Protection for Digital Collaborations.
CSCJournals
 
PPTX
Building A Modern Security Policy For Social Media and Government
Michael Smith
 
PPTX
Doculabs Everteam houston breakfast 06.29.17 v0.2
Everteam
 
PDF
AI and Legal Tech in Context: Privacy and Security Commons
professormadison
 
PDF
TITUS - Top Reasons For Data Classification
John Timmerman
 
D R M Evolution 2005 10 19
Amit Maitra
 
Removing Danger From Data
CloverDX
 
Privacy & Social Media
chuckbt
 
Multi-Dimensional Privacy Protection for Digital Collaborations.
CSCJournals
 
Building A Modern Security Policy For Social Media and Government
Michael Smith
 
Doculabs Everteam houston breakfast 06.29.17 v0.2
Everteam
 
AI and Legal Tech in Context: Privacy and Security Commons
professormadison
 
TITUS - Top Reasons For Data Classification
John Timmerman
 

Similar to E-discovery - social media & cloud-dec2011 (20)

PDF
Social media and records management challenges 2012 09-17-m
Kevin Kim
 
PDF
Case for Compliant IM
cmteti
 
PPTX
Arma november2010
Arian Ravanbakhsh
 
KEY
NARA and Social Media, Spring 2011
Arian Ravanbakhsh
 
PDF
Best practices of social media records policies
GovLoop
 
PDF
Best practices of social media records policies ct sig - 03-31-11 (3)
Claude Super
 
PDF
(eBook PDF) Information Governance: Concepts, Strategies, and Best Practices
nelisrabelys
 
KEY
AERM Workshop
Arian Ravanbakhsh
 
PPTX
What does the Obama Administration Records Management Directive Tell Us?
AIIM International
 
DOC
Website and Social Media Archiving: A Growing Necessity for Government Agencies
PageFreezer
 
PPTX
Information governance process & technology
GNetadmin
 
PPTX
How To Manage Social Media In Your Organization: Building A Successful Govern...
Jim Merrifield, IGP, CIP
 
PPT
Effective Information Management V2 18sep2008
Collabor8now Ltd
 
PDF
Prepare For Breaches Like a Pro
Resilient Systems
 
PDF
2 7-2013-big data and e-discovery
Exterro
 
PDF
Information Explosion - Erik Moller
HPDutchWorld
 
PPTX
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
David Kearney
 
PDF
Breached! The First 48
Resilient Systems
 
PPTX
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
Resilient Systems
 
PDF
Information Management in a Web 2.0 World May 2009
Collabor8now Ltd
 
Social media and records management challenges 2012 09-17-m
Kevin Kim
 
Case for Compliant IM
cmteti
 
Arma november2010
Arian Ravanbakhsh
 
NARA and Social Media, Spring 2011
Arian Ravanbakhsh
 
Best practices of social media records policies
GovLoop
 
Best practices of social media records policies ct sig - 03-31-11 (3)
Claude Super
 
(eBook PDF) Information Governance: Concepts, Strategies, and Best Practices
nelisrabelys
 
AERM Workshop
Arian Ravanbakhsh
 
What does the Obama Administration Records Management Directive Tell Us?
AIIM International
 
Website and Social Media Archiving: A Growing Necessity for Government Agencies
PageFreezer
 
Information governance process & technology
GNetadmin
 
How To Manage Social Media In Your Organization: Building A Successful Govern...
Jim Merrifield, IGP, CIP
 
Effective Information Management V2 18sep2008
Collabor8now Ltd
 
Prepare For Breaches Like a Pro
Resilient Systems
 
2 7-2013-big data and e-discovery
Exterro
 
Information Explosion - Erik Moller
HPDutchWorld
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
David Kearney
 
Breached! The First 48
Resilient Systems
 
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
Resilient Systems
 
Information Management in a Web 2.0 World May 2009
Collabor8now Ltd
 
Ad

Recently uploaded (20)

PPTX
BUSINESS CYCLE_INFLATION AND UNEMPLOYMENT.pptx
TasmiaThalil
 
PPTX
2 - Self & Personality 587689213yiuedhwejbmansbeakjrk
inshu28231804
 
PDF
Chapter 2 - AI chatbots and prompt engineering.pdf
Quan Risk
 
PDF
Sustainable Digital Finance in Asia_FINAL_22.pdf
deafajriatatarizqaja
 
PDF
Cross-Cultural Leadership Practices in Education (www.kiu.ac.ug)
publication11
 
PDF
Middle East's Most Impactful Business Leaders to Follow in 2025
thearabbusiness
 
PPTX
IMM.pptx marketing communication givguhfh thfyu
aruntambralli3813
 
DOCX
Center Enamel Powering Innovation and Resilience in the Italian Chemical Indu...
cecvessels
 
PDF
Susan Semmelmann: Enriching the Lives of others through her Talents and Bless...
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PPTX
IMM marketing mix of four ps give fjcb jjb
aruntambralli3813
 
PDF
Comments on Clouds that Assimilate Parts I&II.pdf
Brij Consulting, LLC
 
PDF
Stacey L Stevens - Canada's Most Influential Women Lawyers Revolutionizing Th...
insightssuccess2
 
PPTX
chapter 2 entrepreneurship full lecture ppt
annejo20
 
PDF
HQ #118 / 'Building Resilience While Climbing the Event Mountain
meetingmediagroupusa
 
PPTX
Project Management_ SMART Projects Class.pptx
ravindra661395
 
PDF
Communication Tactics in Legal Contexts: Historical Case Studies (www.kiu.ac...
publication11
 
DOCX
Hand book of Entrepreneurship 4 Chapters.docx
DrSubinKMohan
 
PPTX
operations management : demand supply ch
JayeshJaiswal23
 
PPTX
Transportation in Logistics management.pptx
ssuserc60071
 
PPT
Retail Management and Retail Markets and Concepts
SurbhiChoudhary37
 
BUSINESS CYCLE_INFLATION AND UNEMPLOYMENT.pptx
TasmiaThalil
 
2 - Self & Personality 587689213yiuedhwejbmansbeakjrk
inshu28231804
 
Chapter 2 - AI chatbots and prompt engineering.pdf
Quan Risk
 
Sustainable Digital Finance in Asia_FINAL_22.pdf
deafajriatatarizqaja
 
Cross-Cultural Leadership Practices in Education (www.kiu.ac.ug)
publication11
 
Middle East's Most Impactful Business Leaders to Follow in 2025
thearabbusiness
 
IMM.pptx marketing communication givguhfh thfyu
aruntambralli3813
 
Center Enamel Powering Innovation and Resilience in the Italian Chemical Indu...
cecvessels
 
Susan Semmelmann: Enriching the Lives of others through her Talents and Bless...
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
IMM marketing mix of four ps give fjcb jjb
aruntambralli3813
 
Comments on Clouds that Assimilate Parts I&II.pdf
Brij Consulting, LLC
 
Stacey L Stevens - Canada's Most Influential Women Lawyers Revolutionizing Th...
insightssuccess2
 
chapter 2 entrepreneurship full lecture ppt
annejo20
 
HQ #118 / 'Building Resilience While Climbing the Event Mountain
meetingmediagroupusa
 
Project Management_ SMART Projects Class.pptx
ravindra661395
 
Communication Tactics in Legal Contexts: Historical Case Studies (www.kiu.ac...
publication11
 
Hand book of Entrepreneurship 4 Chapters.docx
DrSubinKMohan
 
operations management : demand supply ch
JayeshJaiswal23
 
Transportation in Logistics management.pptx
ssuserc60071
 
Retail Management and Retail Markets and Concepts
SurbhiChoudhary37
 
Ad

E-discovery - social media & cloud-dec2011

  • 1. Maintaining, Preserving & Disposing of Data on Social Media & Cloud Computing Platforms Catherine Teti Managing Director, Knowledge Services Chief Agency Privacy Officer US Government Accountability Office December 1, 2011
  • 2. Presentation Overview Challenges, issues and requirements that agencies need to be mindful of/address when moving into the cloud or using social media. Value Proposition Risks and Requirements Governance – effective information management and oversight GAO’s Experience Additional References December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 3. Value Proposition What . . . Problem will be solved? Service enhanced? Operational or resource efficiencies realized? Understand your audience/customer base Multiple points of information dissemination (e.g., reposting information to agency web sites) OMB “Guidance for Agency Use of Third-Party Websites and Applications”, M-10-23, June 25, 2010 Provide alternatives to 3d party websites/applications (i.e., public shouldn’t have to join a social media site to access agency information or services) December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 4. Risks and Requirements - Records Is a record required? See Value proposition (why are you doing this in the 1 st place? Evidence of agency policy, decisions, mission Original or repurposed content (is it already captured elsewhere?) Caution: Content vs. medium December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 5. Risks and Requirements – Capture/Retain Capture and retention Preserving data that isn’t “owned” or controlled by your agency - Do you (or should you) care? What if – the cloud vendor goes out of business, the agency changes contractors, you decide to stop using Facebook? Disposing of or destroying data at the end of its retention period (inclusion in terms of service) Does it matter if you can’t dispose of it – i.e., potential lack of control December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 6. Risks and Requirements – Security/Privacy Security Potential for hacking or attacking systems and/or data Privacy – Potential for inappropriate use of personal data What is captured (essential only) ? Why? How is it used? How is it secured? User notification – collection and use See also OMB M-10-23 requirements for privacy impact assessments Agency privacy notices December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 7. Federal Agency Information Management Requirements The Paperwork Reduction Act – information collection and responsibilities for the management of information resources The Privacy Act - use of personal information by federal agencies FISMA, the Federal Information Security Management Act - requirements for protecting agency information and systems from misuse FOIA - public access to agency records The Federal Records Act - requires agencies to manage records needed for their operations and have processes to properly dispose of or save (historically significant) records NARA Bulletin 2011-02 - Guidance on Managing Records in Web 2.0/Social Media Platforms December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 8. E-Discovery Requirements Formalized in the amended Federal Rules of Civil Procedures in 2006. All Electronically Stored Information (ESI) stipulated in a subpoena must be preserved as part of a legal hold. Organizations must be able to preserve and produce all ESI relevant to a discovery order. Organizations’ inability to search for and locate relevant information is causing significant risk. Costs for e-discovery are continuing to skyrocket for organizations without proper information management. December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 9. Governance – The Key to Effective Information Management and Oversight Different information – and mission - disciplines working together for an integrated approach: Records Management Information Security Information Technology Legal Privacy Business owner(s) Realigning and re-engineering stove-piped management processes to create integrated and coordinated approaches to managing information across the information life cycle Oversight – capture/custodianship Guidance – Who speaks for the agency December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 10. GAO’s Key Requirements for Effective IM Business Purpose Align management with GAO business processes to meet mission objectives Organizational Commitment Ensure executive sponsorship and stakeholder buy-in Governance Clearly define policy and requirements Recognize constraints and limitations Strive for user engagement and senior executive sponsorship Information governance alliance among IT, records, legal, information security, privacy, public affairs, business owners Oversight Performance measures and accountability December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 11. GAO’s (Adaptive) Use of Social Media Tools Information Dissemination Twitter (RSS feeds) YouTube Podcasts Facebook Flickr Information Sharing Wiki (internal) All records are managed according to GAO IM policies December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 12. An Effective IM Program An effective IM program allows GAO to: Retrieve: Easily retrieve relevant information in a timely fashion Access: Provide access to information to the right people when it is needed Audit: Able to identify anomalies and ensure compliance with all applicable rules and regulations (FRA, FISMA, etc.) Dispose: Ability to dispose of information in the normal course of business when it is no longer needed in accordance with GAO’s retention and disposition policy December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 13. GAO’s Disposition Strategy GAO’s records disposition schedule applies to records regardless of format or media. Disposition strategy is comprehensive for all records types (paper, electronic, data sets, and other “stuff”) so it is applied uniformly across all media and formats. Ensures that GAO complies with all requirements, mitigates risk and exposure, saves storage space, is cost-effective, and allows for easier search and retrieval of remaining records. December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 14. GAO Reports on Information Management and Social Media GAO-11-605: Social Media: Federal Agencies Need Policies and Procedures for Managing and Protecting Information They Access and Disseminate GAO-10-838T: Information Management: The Challenges of Managing Electronic Records GAO-11-15: NARA: Oversight and Management Improvements Initiated, but More Action Needed GAO-08-536: Privacy: Alternatives Exist for Enhancing Protection of Personally Identifiable Information GAO-10-537T: Freedom of Information Act:  Requirements and Implementation Continue to Evolve December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 15. Additional References OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications Best Practices Study of Social Media Records Policies, ACT/IAC Collaboration and Transformation (C&T) Shared Interest Group (SIG), March 2011 ( www.actgov.org/SocialMediaRecords ) NARA Bulletin 2011-02, Guidance on Managing Records in Web 2.0/Social Media Platforms, October 20, 2010 December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 16. Questions? Catherine Teti Managing Director, Knowledge Services, Chief Agency Privacy Officer US Government Accountability Office (GAO) [email_address] 202.512.9255 December 1, 2011 Data Management Challenges – Social Media & Cloud Page
  • 17. December 1, 2011 Data Management Challenges – Social Media & Cloud Page GAO on the Web Web site: http://www.gao.gov/   Contact Chuck Young, Managing Director, Public Affairs, [email_address] (202) 512-4800, U.S. Government Accountability Office 441 G Street NW, Room 7149, Washington, D.C. 20548 Copyright This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.

Editor's Notes

  • #10: Guidance to staff – Who posts where, who speaks for the agency Tie to existing media policy