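eDiscovery and Records Management Based on Oracle ECM
Enterprise Information Management and Protection from an eDiscovery Perspective
Duzon Information Security Service, Senior Researcher Kim Seong-do
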
Overview of U.S. Civil Litigation
- Pleading (commencement of the suit)
- Pretrial (evidence disclosure procedure: Discovery)
- Pretrial Conference (conference before trial)
- Summary Judgment, Default Judgment
- Bench Trial, Jury Trial

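Overview of U.S. Civil Litigation
Pleading (訴答)
- The written documents in which each party states its claims, or the procedure of exchanging those documents
- The first pleading, written by the plaintiff, is called the Complaint
- When the plaintiff files the complaint with the court, the court issues a summons to the plaintiff
- The plaintiff serves the summons and a copy of the complaint on the defendant
- The defendant delivers an answer to the court
- The pleading stage is complete once the complaint and the answer have been served on the court and the opposing party
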
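Overview of U.S. Civil Litigation
Pretrial (evidence disclosure procedure: Discovery)
- The procedure for demanding that the opposing party disclose evidence and information
- Discovery is the core of the pretrial stage
- Each party asks the other to disclose the physical evidence, documents, witnesses and so on that it holds, so that the litigation proceeds on equal terms
- Once the suit has begun, a party can demand all information and material related to the case from the opposing party
  - Ex) Suppose a stock investor sues a particular securities firm. When the investor declares that it is entering the Discovery procedure, the investor can ask to be shown all of that company's documents and books
- Takes a great deal of time and money
- Clarifies the issues and secures evidence that might be concealed once the trial has started
- Because each side learns the other's weapons (evidence) in detail, a compromise is often reached during this process (90%)
- Exceptions to Discovery
  - Attorney-client, clergy-congregant, and doctor-patient privilege
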
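eDiscovery Overview
Discovery?
- A system in which the parties to a suit, before trial and in preparation for it, disclose and collect information and evidence outside the courtroom, by legally prescribed methods, in order to clarify the issues (or disputed facts) of the suit (Jack H. Friedenthal, Civil Procedure, 2nd ed.)
- The Discovery procedure settles the issues and reveals the outline of the evidence, which makes an efficient trial on the merits possible
- In civil litigation, before trial proceedings begin, a party discloses the evidence it holds and can also demand disclosure of evidence from the opposing party or from third parties
- After the suit is filed and before the trial proceedings presided over by the court, each party must collect and preserve evidence itself
eDiscovery?
- The U.S. Federal Rules of Civil Procedure (FRCP), effective December 1, 2006, include ESI (Electronically Stored Information) in the scope of evidence subject to discovery
- Most U.S. companies need measures to prevent the fines, lost time, and damage to reputation that follow from legal demands on electronic information (ESI)
- Without tools that make relevant information easy to identify and preserve, a company that typically faces 10-100 ongoing lawsuits will try to store almost all of its information and will make the mistake of storing useless information as well (management cost, storage cost)
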
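eDiscovery Process
Records Management
- Documents within the organization must be managed under a document management and retention policy
- From a SOX perspective as well, if the organization's document management and retention policy is not properly carried out, it can become a risk to the organization and to all of its members
Identification
- Determine the scope of the documents that must be used in Discovery
- Prepare the many documents that could potentially be used in Discovery, and decide which of them must be collected and preserved
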
eDiscovery Process
Preservation
- It must be guaranteed that documents are not altered or destroyed
Collection
- Collect ESI from a variety of sources (tapes, drives, portable storage devices, networks, etc.)
- Preservation and collection sometimes overlap.

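eDiscovery Process
Processing
- Exclude documents that are duplicates or are clearly irrelevant (type, origin, date)
- Convert ESI into a format that can be reviewed more effectively
Analysis
- The stage of evaluating the ESI and writing up relevant summary information (the subject of the case, key people, important documents)
- Carried out before the detailed review to improve productivity
Review
- The stage in which sensitive documents are singled out and the strategy for court is established
- Evaluate collected ESI, frequently for relevance and privilege
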
eDiscovery Process
Production
- Deliver electronically stored information to various recipients: law firm, corporate legal department, service provider, etc.
- Deliver electronically stored information for use in other systems: automated litigation support system, web-based repository, etc.
- Deliver electronically stored information on various media: CD, DVD, tape, hard drive, portable storage device, paper, other
Presentation
- Although this stage comes last in this list, think of it as the first.
- Consider early and often how you can most effectively present the ESI at hearings and trial.

eDiscovery Case Law
- Easton Sports v. Warrior Lacrosse
  - Trade secret information; sanction and adverse inference for spoliation
- Mosaid Technologies Inc v. Samsung Electronics Co.
  - Patent infringement suit; $566,838 sanction for deleting email
- Coleman v. Morgan Stanley
  - Sanction for failing to produce email; lost the case
- z4 Technologies v. Microsoft Corp.
- Zubulake v. UBS Warburg LLC

The Importance of Information Management and Protection
Litigation needs
- eDiscovery
- Litigation over personal information protection (corporate sudden death: a company can go bankrupt through lawsuits over a leak of personal information)
- Copyright law
Compliance (regulatory needs)
- Healthcare: All healthcare providers must comply with the Health Insurance Portability and Accountability Act of data security and management regulation
- Financial: SEC Rules 17a-3 and 4 require securities broker-dealers to properly maintain extensive records of all transactions. Additionally, the Gramm-Leach-Bliley Act (GLB) covers storage of consumers' personal financial information held at financial institutions.
- Telecommunication: 47 CFR 42
- General: The Sarbanes-Oxley Act (SOA) requires all publicly-held US companies to comply with strict information technology guidelines.
- International: Companies doing business in Europe must also comply with the Data Protection Act of the European Union.
Collaboration (business needs)
- Islands of content problem

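Corporate Requirements Related to eDiscovery
Information management policies and procedures
- Where information is stored
- Retention and disposal periods for information
- Protection of confidential information
- Audit traceability
Document and email management software
- ECM, email backup solutions, dedicated eDiscovery solutions, etc.
- As in the z4 Technologies v. Microsoft Corp. case, discovery carried out by hand is impossible for a large company (efficiency in time and cost)
Access control solutions for the document repository
- As in the Easton Sports v. Warrior Lacrosse case, the company bears management responsibility even when an employee deliberately deletes material
- Maintain the confidentiality of the central repository
- Privacy must be taken into account
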
eDiscovery-Related Solutions
- Summation
- Introspect
- Ringtail (FTI)
- Browne (JFS Litigator's Notebook)
- Concordance (DataFlight)
- Discovery Radar (KPMG)
- IPRO
- HardCopy Plus (extractiva)

eDiscovery-Related Solutions
Acquire
- Data Preservation (Legal hold)
- Metadata removal
- Email data extraction
- Data conversion (pdf, tiff, etc.)
Review
- Keyword search
- Logical Categorization

eDiscovery-Related Solutions
EnCase eDiscovery
- Litigation Support
- Regulatory / Policies / Compliance
- Enterprise Search and Collection of data
- Culling and Processing of collected evidence
- Integration with third-party review platforms
- Auditing of process and chain of custody
- Massive Internal Audits
- External Audit: an outside party is requesting documents
- Proactive (audit document retention and personal information)

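eDiscovery-Related Solutions
Automation for searching and collecting digital documents
- Search for and collect individual files and documents while preserving the associated metadata
- Search and filter data during collection
- Search and analysis are available on the following criteria
  - File type (.doc, .xls, .ppt)
  - Key words (content specific to the search)
  - Metadata (date and time of creation, modification, or last access)
  - Hash values ("digital fingerprints")
  - Custodians (by user name or SID)
Workflow: Search, Acquire, and Process Only Potentially Relevant Data; Process Data; Legal Review and Analysis; Produced Documents
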
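The collection criteria listed on this slide (file type, keywords, metadata dates, hash values, custodian), together with the duplicate culling of the Processing step, as an added example that is not from the original presentation and is not EnCase code. It assumes plain-text files and uses the POSIX owner UID as a stand-in for the custodian; the function names `collect` and `demo` and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def collect(root, extensions, keywords, modified_after):
    """Return one manifest row per unique file under root matching all criteria."""
    manifest, seen = [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.stat(path)  # capture metadata before the file is opened
            if os.path.splitext(name)[1].lower() not in extensions:
                continue  # file-type filter
            if st.st_mtime < modified_after.timestamp():
                continue  # metadata (date) filter
            with open(path, "rb") as f:
                data = f.read()  # fine for a demo; hash large files in chunks
            text = data.decode("utf-8", "replace").lower()
            if not any(k.lower() in text for k in keywords):
                continue  # keyword filter
            digest = hashlib.sha256(data).hexdigest()  # "digital fingerprint"
            if digest in seen:
                continue  # exact duplicate: culled, as in the Processing step
            seen.add(digest)
            manifest.append({
                "path": os.path.relpath(path, root),
                "size": st.st_size,
                "modified_utc": datetime.fromtimestamp(
                    st.st_mtime, timezone.utc).isoformat(),
                "owner_uid": st.st_uid,  # assumption: stand-in for custodian
                "sha256": digest,        # lets a reviewer verify integrity later
            })
    return manifest

def demo():
    """Build constructed sample files in a temp directory and collect from it."""
    samples = {
        "a.txt": b"Q3 licensing contract draft",
        "b.txt": b"Q3 licensing contract draft",  # duplicate of a.txt
        "c.txt": b"lunch menu",                   # no keyword hit
        "d.log": b"contract renewal notice",      # wrong file type
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        since = datetime(2000, 1, 1, tzinfo=timezone.utc)
        return collect(root, {".txt"}, ["contract"], since)
```

The recorded SHA-256 is what supports the Preservation requirement: re-hashing a produced file and comparing it with the manifest shows whether it changed after collection.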
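eDiscovery-Related Solutions
[Diagram: EnCase eDiscovery Suite. Headquarters, a large branch and a small or medium branch, each with target computers; Examiner and SAFE components; external auditor, internal auditor, audit organization; report data DB.]
1. The Examiner computer issues a command to collect relevant data from one or many target computers
2. Execution: only the relevant data is examined on the target computers under investigation
3. Search results, including metadata, are collected and then sent to the Examiner
4. The collected information is sent to the DB in the form of audit material and stored there
5. The audit organization writes the report
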
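eDiscovery-Related Solutions
Duzon Information Management System (EIM)
A system that allows documents to be managed, searched, and reviewed centrally, and that automatically preserves important files and mail on a central server, so that data extraction demands such as eDiscovery can be answered in time.
[Diagram: SERVER, MANAGER, AGENT, and DB.]
- MANAGER: sets the indexing policy; searches the index results; central search of internal company documents according to access rights; web-based file review (files converted to image form)
- SERVER: applies the indexing policy to the AGENT; returns search results to the MANAGER
- AGENT: sends index results to the SERVER
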
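eDiscovery-Related Solutions
Duzon Information Tracking System
The information tracking system continuously monitors a document's entire life cycle, from creation through copying, modification, deletion, and movement, so that the document's current state and location can be determined. This makes it effective for audits and for response after the fact.
[Diagram: SERVER (MS SQL), MANAGER, and AGENT.]
- MANAGER: policy settings; log search and lookup
- SERVER: stores real-time system information, file event logs, and administrator logs
- AGENT: monitors the life cycle of files; sends real-time system information
- File-level monitoring: creation, copying, deletion, movement (including shared folders)
- Determine the path a document has travelled and its current location
- Determine how information is distributed within the company
- Detect file exfiltration attempts in advance
- Focus on internal security and audit
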
What's the Solution?
Broader, Consistent, Enforced Policies Combined with Technology Reduce Exposure
- Enterprise Information Inventory: Knowing What You Have
- Information Retention Policies: Keeping What You Want
- Records Retention: Keeping What You Need
- Legal Review and Analysis: Reducing the eDiscovery burden

Base Your Records Retention Policies on Best Practices
- Don't retain more content than is necessary
  - "There is nothing wrong with a policy of destroying documents after the point is reached at which there is no good business reason to retain them." Arthur Andersen, LLP v. United States, 125 S. Ct. 2129, 2131-35 (2005); Fidelity Nat. Title Ins. Co. of New York v. Intercompany Nat. Title Ins. Co., 412 F.3d 747, 750 (7th Cir. 2005)
- Apply policies consistently and universally
  - Destruction of data pursuant to valid document retention policy did not warrant spoliation sanctions. Hynix Semiconductor, Inc. v. Rambus, Inc., No. C-00-20905 RMW (N.D. Cal. Jan. 4, 2006).
- Apply legal holds promptly and universally
  - Courts have demonstrated little toleration for spoliation. (Enron, etc.)
- Enable the right people to design the policies
  - Policies should make sense from a risk management, legal, and operational standpoint
  - Get IT out of the business of making retention policies

Implement a Records & Retention Management Platform
- Universal: Address the root cause by cataloging, applying retention policies, and applying holds to all content
  - Regardless of location
  - Regardless of whether it is a record or not
  - Regardless of whether it is electronic or physical
- In-place: Apply holds and retention management actions in-place
  - Minimize impact on users
  - Reduce issues associated with moving electronic content
  - Leverage existing applications
- Flexible: Provide features needed to address all content, not just records
  - Retention triggers based on calendar, event, usage, revision
  - Retention actions: Delete, move, alert, create

Universal Records & Retention Management
- Apply retention policies to all content, not only records
- Centralize policy administration and disposition processing
- Centrally manage legal holds and discovery
- Apply records and retention policies across multiple repositories
- Apply policies in place to minimize user disruption

Oracle Universal Records Management
- Enterprise-wide records and retention management system
- Distributed agent architecture enables in-place management
- Maintains catalog of all content (electronic or physical)
- Manages federated queries and locks and holds
[Diagram: Oracle Universal Records Management (Records Manager, Discovery Services, Central Policy Management, Physical Records Manager, Notifier, Agent Services) connected through agents to Oracle UCM, Oracle I/BPM, File Servers, Microsoft Sharepoint, Symantec Email Archive, and a Custom Agent.]

Manage & Discover All Records from a Central Control Point
- Comprehensive Records Management & Retention
  - Electronic records management: DOD 5015.2 chapter 2 and 4
  - Physical records management, including space, circulation management, barcode
- Discovery Services
  - Legal holds
  - Centralized queries & searches
  - Content review & conversion
[Diagram: Oracle Universal Records Management (Records Manager, Universal Retention Mgmt., Discovery Services, Central Policy Management, Physical Records Manager).]

Leverage Workflows, Automatic Notifications & Audit Trails
- E-mail-based workflow for disposition or holds on content
- Automatic notification of changes in document disposition
- Audit trail of requests, responses, escalations
[Diagram: Oracle Universal Records Management (Records Manager, Discovery Services, Central Policy Management, Physical Records Manager, Notifier).]

Manage Records Where They Live!
- Monitor records in other-party repositories
  - Multiple instances of the Oracle ECM repository
  - SharePoint, File Servers, Symantec Enterprise Vault
- Manage retention/disposition across repositories
- Allow searches across repositories
- Build custom agents for additional repositories
[Diagram: Oracle Universal Records Management (Records Manager, Discovery Services, Central Policy Management, Physical Records Manager, Notifier, Agent Services) connected through agents to Oracle UCM, Oracle I/BPM, File Servers, Microsoft Sharepoint, Symantec Email Archive, and a Custom Agent.]

Benefits of a Records & Retention Management Platform
- Reduced Costs
  - Reduce the cost of management
  - Reduce the cost of Discovery
  - Predictable Discovery process
- Improved Law Firm Governance
  - Ability to conduct pre-reviews
  - Ability to better manage legal costs
- Reduced Risk of Fines and Sanctions
  - Knowing what to keep
  - Knowing what not to keep
  - Communication policies

Q&A
Duzon Information Security Service, Forensic Center, Senior Researcher Kim Seong-do (milord@duzon.co.kr)