
Use Violation Alerts of Data Loss Prevention Software to determine most likely suspect during Early Case Assessment (ECA)

IP.com Disclosure Number: IPCOM000199142D
Publication Date: 2010-Aug-26
Document File: 5 page(s) / 45K

Publishing Venue

The IP.com Prior Art Database


This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 35% of the total text.

Use Violation Alerts of Data Loss Prevention Software to determine most likely suspect during Early Case Assessment (ECA)

Neel Atulkumar Bhatt

Symantec Corporation

Abstract

In a court case involving electronic data, courts often require lawyers of both parties to “meet and confer” and decide on queries (search criteria) and people to include in legal discovery and review. Companies prefer doing an internal search before this “meet and confer” meeting to ensure that they have the right queries and possibly to offer an out-of-court settlement in case they find evidence against themselves in their data.

It is important for the ECA process to be able to find likely culprits and case-related documents in the shortest time and with the least effort possible.

During ECA related to fraud or information leaks, paralegals / legal counsel may have to go through a large number of documents (for example, the email of many employees or other data custodians) to find relevant or problematic documents. Symantec may be able to speed up this process by using rules violation data available with Data Loss Prevention (DLP) systems such as Vontu. Employees who have participated in fraud are more likely to violate DLP policies or be trapped in DLP rule violations while trying to perpetrate the fraud. Symantec may be able to ascertain the identities of individuals who have violated DLP policies, the timing of the policy violations, and find an intersection of violators and custodians. Symantec may be able to highlight the custodians that were violators to manual reviewers so that the reviewers can focus their attention on such violators and speed up the investigations. Automatic classification rules can focus more on violators to get quicker results. Symantec may also be able to take input from HR and Financial systems of a company by getting a list of people who have been found to be involved in unethical behavior or financial fraud in the past.

Integrating this output from DLP, HR, and Finance software into ECA/e-discovery software may be useful. By doing so, certain actions which have not been documented before may be used as input to e-discovery.

E-Discovery is generally post-mortem, whereas DLP is real-time analysis. This disclosure proposes combining the two, using the information obtained by DLP to speed up Early Case Assessment and reduce its costs.
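
As an added illustration (not part of the original disclosure, and not Symantec or Vontu code), the intersection of DLP violators and custodians described above can be sketched as follows. The alert fields, names, case window, policy labels and ordering rule are all assumptions made for this example.

```python
from collections import Counter
from datetime import datetime

def rank_custodians(custodians, dlp_alerts, case_start, case_end, prior_flags=()):
    """Order custodians for manual review.

    Custodians with DLP violations inside the case window come first (most
    violations first), then custodians named by HR/Finance, then the rest.
    Returns a list of (custodian, violations_in_window, flagged) tuples.
    """
    custodian_set = {c.lower() for c in custodians}
    counts = Counter()
    for alert in dlp_alerts:
        user = alert["user"].lower()
        when = datetime.fromisoformat(alert["time"])
        # Intersection of violators and custodians, restricted by timing.
        if user in custodian_set and case_start <= when <= case_end:
            counts[user] += 1
    # HR/Finance input only matters for people who are custodians in this case.
    flagged = {f.lower() for f in prior_flags} & custodian_set
    ranked = [(c, counts[c], c in flagged) for c in custodian_set]
    # Violation count descending, flagged before unflagged, then by name.
    ranked.sort(key=lambda r: (-r[1], not r[2], r[0]))
    return ranked

# Constructed sample data (hypothetical field names and values).
CUSTODIANS = ["alice", "bob", "carol", "dave"]
ALERTS = [
    {"user": "bob", "time": "2010-03-02T09:15:00", "policy": "Financial data to webmail"},
    {"user": "bob", "time": "2010-03-09T17:40:00", "policy": "Customer list to USB"},
    # Outside the case window: not counted.
    {"user": "carol", "time": "2009-01-20T11:00:00", "policy": "Source code upload"},
    # Violator who is not a custodian in this case: not counted.
    {"user": "erin", "time": "2010-03-05T08:00:00", "policy": "Customer list to USB"},
    {"user": "Dave", "time": "2010-04-01T12:30:00", "policy": "Financial data to webmail"},
]
PRIOR_FLAGS = ["carol"]  # constructed HR/Finance list

if __name__ == "__main__":
    window = (datetime(2010, 1, 1), datetime(2010, 6, 30))
    for name, n, flag in rank_custodians(CUSTODIANS, ALERTS, *window, PRIOR_FLAGS):
        print(f"{name:6} violations_in_window={n} hr_finance_flag={flag}")
```
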

Copyright © 2010 Symantec Corporation. All rights reserved.