Security laws, regulations and guidelines directory

By CSO staff, CSO |  Security, privacy, regulation


Security professionals may be involved in proving to a court's satisfaction that stored data has not been tampered with.

Who is affected: Any company that is--or could be--involved in a civil lawsuit within the federal courts. In addition, because states have adopted FRCP-like rules, companies involved in litigation within a state court system are also affected.

Link to the rules: http://www.law.cornell.edu/rules/frcp/

Key requirements/provisions: There are 13 sections to the FRCP. The major changes pertain to Chapter 5, Rules 26-37, as these require a detailed understanding of electronic data retention policies and procedures, what data exists and where, as well as the ability to search for and produce this data within the timeframes stipulated. Here is a summary of these rules:

Rule 26 (a): Makes clear that electronically stored information is discoverable and that companies must be able to produce relevant data.

Rule 26 (b)(2): Clarifies limits on discoverable data; for instance, companies are not required to produce data that would prove to be excessively expensive or burdensome, such as from sources that aren't reasonably accessible, like backup tapes used for disaster recovery and obsolete media.

Rule 26 (f): Stipulates that the parties involved need to discuss issues relating to the disclosure or discovery of electronic data before discovery begins.

Rule 33 (d): Establishes that a reasonable opportunity is provided to examine and audit the data provided.

Rule 34 (b): Establishes that electronic data is as important as paper documents, and that it must be produced in a reasonably usable format.

Rule 37 (f): Provides "safe harbor" when electronic data is lost or unrecoverable, as long as it can be proved that good-faith business operations were routinely followed.

Source: Cornell University Law School, Business Records Management

Section two: Industry-specific regulations and guidelines


Originally published on CSO.