Security professionals may be involved in proving to a court's satisfaction that stored data has not been tampered with.
Who is affected: Any company that is--or could be--involved in a civil lawsuit within the federal courts. In addition, because states have adopted FRCP-like rules, companies involved in litigation within a state court system are also affected.
Link to the rules: http://www.law.cornell.edu/rules/frcp/
Key requirements/provisions: There are 13 sections to the FCRP. The major changes pertain to Chapter 5, Rules 26-37, as these require a detailed understanding of electronic data retention policies and procedures, what data exists and where, as well as the ability to search for and produce this data within the timeframes stipulated. Here is a summary of these rules:
Rule 26 (a): Makes clear that electronically stored information is discoverable and that companies must be able to produce relevant data.
Rule 26 (b)(2): Clarifies limits on discoverable data; for instance, companies are not required to produce data that would prove to be excessively expensive or burdensome, such as from sources that aren't reasonably accessible, like backup tapes used for disaster recovery and obsolete media.
Rule 26 (f): Stipulates that the parties involved need to discuss issues relating to the disclosure or discovery of electronic data before discovery begins.
Rule 33 (d): Establishes that a reasonable opportunity is provided to examine and audit the data provided.
Rule 34 (b): Establishes that electronic data is as important as paper documents, and that it must be produced in a reasonably usable format.
Rule 37 (f): Provides "safe harbor" when electronic data is lost or unrecoverable, as long as it can be proved that good-faith business operations were routinely followed.
Source: Cornell University Law School, Business Records Management
Section two: Industry-specific regulations and guidelines