LITIGATION SUPPORT TIP OF THE NIGHT

When discussing the importance of guarding against data breaches with attorneys, keep in mind that federal judges were the victim of a cyber attack in 2015. As this June 4, 2015 notice on the site of the Office of Personnel Management makes clear, in April 2015 its systems were penetrated during an attack that compromised the personally identifiable information (PII) of 4.2 million federal employees including that of federal judges. This attack was followed by a second data breach in July 2015 that disclosed information related to background checks for almost 20 million people. See this post on the OPM's site.

The National Law Journal reported that the spokesman for the Administrative Office of the United States Courts described the federal judiciary as having been in 'crisis mode'. The report noted that the Chief Judges of the District of Nebraska, the Western District of Texas, and the District for the District of Columbia had all received notices from the OPM indicating their data was compromised.

The initial data breach began in May 2014 and was not discovered until a year later. The breach gave rise to an information privacy suit, National Treasury Employees Union v. Archuleta, No. 4:15-cv-03144 (N.D. Cal.), alleging that the OPM violated federal employees' due process rights under the Fifth Amendment. The complaint in this suit, provides details about the data breaches. The compromised data included Form SF-86 Questionnaires for National Security Positions. The inspector general of the OPM identified deficiencies in the OPM data security programs in a 2014 audit report. This report noted that, "OPM 'continues to be negatively impacted by years of decentralized security governance' causing its technical infrastructure to remain 'fragmented and therefore inherently difficult to protect.'" Compl. at ¶ 40, quoting OPM: Data Breach: Hearing Before the House Comm. on Oversight and Gov’t Reform, 114th Cong. (2015) (statement of Michael Esser, Asst. Inspector General for Audits, Office of Personnel Management), available at www.democrats.oversight.house.gov/legislation/hearings/full-Committee-hearing-OPM-data- breach. Mr. Esser also noted that the OPM, "does not maintain an accurate centralized inventory of all servers and data bases that reside within the network." Id. at 4-5. So no data map at the OPM. Social security numbers in OPM databases were not encrypted.

Today I participated in a webinar presented by Duke Law School's EDRM entitled, "Inside BDO's E-Discovery & Beyond Survey: Lessons for Inside Counsel and Law Firms". See a report on the survey posted here. The speakers were George Socha of BDO; Robert Keeling, a partner with Sidley Austin LLP; and James Waldron, the director of the EDRM.

BDO USA, LLP, an accounting and consulting network, asked 148 in-house counsel a set of 16 questions about how their business handle electronic discovery; cybersecurity; data privacy and information governance.

The following, for me, were the key highlights of the presentation:

• 48% of the surveyed businesses are using Technology Assisted Review

• There was a jump in businesses who listed 'Big Data' as one of their top three e-discovery issues from 28% in 2017 to 47% in 2018.

• Half of the respondents did not have an information governance committee.

• Nearly half of the surveyed businesses put their CIO in charge of their information governance program, and only 17% had a separate chief information governance officer, with only 1% putting her or him in charge of the program.

• 63% of respondents said that they planned to invest in cybersecurity risk assessment in the next 12 months, 48% in incident response planning; and 37% in cyber insurance.

• 71% planned to spend the same amount on e-discovery next year, and only 23% planned to spend more.

• 42% planned an increase in their information governance budget, while 53% will maintain their current budget.

A digital signature can be obtained from a certificate authority - a third party that issues them for use by other parties. A digital certificate provides the public key that can be used to validate the private key that is associated with a private key. It's possible to purchase a digital signature from a third party such as GloboSign or IdenTrust. '

However you can also obtain a digital signature through Windows. If you're running Windows 7 and Office 2016 look in Windows Explorer at C:\Program Files\Microsoft Office\root\Office16 for a file named SELFCERT.exe. Click on this file, and it will open a new dialog entitled, "Create Digital Certificate".

Enter a name for the digital certificate and then click OK. The next step is to open an MS Office and then go to the Developer tab. Click on Microsoft Security and then enable all macros. Click OK.

Then back on the Developer tab in the Code group click 'Visual Basic'. Go to the Tools menu and select Digital Signature.

Then click Choose and the digital signature should be automatically located. Be sure to save the MS Office file in a macros enabled format.

Then go to Start and simply type Internet Options. Click on the program called, 'Internet Options' which appears in the search results and in the new dialog click on the Contents tab and then click 'Certificates'.

You can then export your digital certificate for use elsewhere. The resulting file should have a 'cer' extension.