Group items matching

in title, tags, annotations or url

As the impact of digital advertising on consumer privacy comes under scrutiny, AT&T is taking a stance in support of stricter standards. Rep. Rick Boucher (D., Va.), chairman of the subcommittee, said in an interview Wednesday that a statute is needed to regulate how companies collect, share and use data on consumers' behavior in targeting online advertising. While ad targeting on the Web has been at the forefront of privacy advocates' concerns, worries are growing about other media, ranging from mobile phones to emerging TV technologies. To sell marketers targeted ads, technology and media companies collect data about customers, ranging from the Web sites they visit to the neighborhoods they live in to the TV shows they watch. Marketers often will pay a premium for this form of advertising because it allows them to show their ads to consumers who are likelier to buy their products or services. "Pitfalls arise because behavioral advertising in its current forms is largely invisible to consumers," says Dorothy Attwood, AT&T's senior vice president of public policy and chief privacy officer, in prepared testimony she is expected to deliver at the hearing of the House Subcommittee on Communications, Technology and the Internet. Her statement says consumers don't fully understand that their online activity is used to create detailed profiles of them. Internet and other media companies say the data they use to target ads are anonymous and can't be traced to individual consumers. AT&T plans to argue that consumers should have "full and complete" notice of what information is collected about them and how it is used and protected, and should have tools that let them determine whether their Web activities are being tracked. The company says it won't use consumer information for online behavioral advertising unless it first obtains consent from the consumers involved. AT&T's stance contrasts with the position taken by most big Internet companies and industry trade grou

The US Department of Justice has asked for yet another extension to the judicial oversight of Microsoft's antitrust compliance in order to give the company more time to update its technical documentation. The original judgment had already been extended once to late 2009, but now the DOJ wants it extended again for another 18 months. The sanctions on Microsoft, which were agreed to in 2002 and originally set to expire in November 2007, are aimed at preventing the company from retaliating against hardware vendors that ship computers with alternatives to Microsoft's software products. An additional set of sanctions mandating interoperability API licensing had already been extended for another two years. When it came time for the decree to be lifted, however, Judge Colleen Kollar-Kotelly decided that Microsoft failed to provide protocol specification documents to competitors as required by the agreement. Because of this, she extended the oversight until November of 2009. In a document filed with Judge Colleen Kollar-Kotelly on Thursday, the DOJ requested another extension to her oversight of Microsoft's antitrust settlement, apparently because it feels Microsoft still has a ways to go before meeting the requirements. At the same time, a joint status report from Microsoft and the plaintiffs states that all parties seem to think that things are almost ready. "It is clear to Plaintiffs that Microsoft has made substantial progress in improving the technical documentation over the last two years," reads the report. "While the entire project has taken longer than any of the parties anticipated, the project is nearly complete." The request marks a reversal of the DOJ's previous position that it took in 2007 when it decided not to ask for an extension of the settlement while the attorneys general of ten states (the so-called California and New York Groups) pushed for extensions. At that time, the DOJ stated that it didn't believe that the standard for such an extension had b

Late last month, the House passed an economic recovery package containing $20 billion for health information technology, which would require the Department of Health and Human Services to develop standards by 2010 for a nationwide system to exchange health data electronically. The version of the recovery package passed by the Senate yesterday contains slightly less funding for health information technology ("health IT"). But as Congress moves to reconcile the two stimulus packages, conservatives have begun attacking the health IT provisions, falsely claiming that they would lead to the government "telling the doctors what they can't and cannot treat, and on whom they can and cannot treat." The conservative misinformation campaign began on Monday with a Bloomberg "commentary" by Hudson Institute fellow Betsy McCaughey, which claimed that the legislation will have the government "monitor treatments" in order to "'guide' your doctor's decisions." McCaughey's imaginative misreading was quickly trumpeted by Rush Limbaugh and the Drudge Report, eventually ending up on Fox News, where McCaughey's opinion column was described as "a report." In one of the many Fox segments focused on the column, hosts Megyn Kelly and Bill Hemmer blindsided Sens. Arlen Specter (R-PA) and Jon Tester (D-MT) with McCaughey's false interpretation, causing them to promise that they would "get this provision clarified." On his radio show yesterday, Limbaugh credited himself for injecting the false story into the stimulus debate, saying that he "detailed it and now it's all over mainstream media."

Broadband is cheaper in many other countries than in the United States. "You have a pretty uncompetitive market by European standards," said Tim Johnson, the chief analyst at Point-Topic, a London consulting firm. Other countries have lower costs for the same reasons their DSL service is faster. Dense urban areas reduce some of the cost of building networks. In addition, governments in some countries subsidized fiber networks. But the big difference between the United States and most other countries is competition. "Now hold on there," you might say to me. Since I wrote that many countries don't have cable systems and the bulk of broadband is run by way of DSL through existing phone wires, how can there be competition? Aren't those owned by monopoly phone companies? True enough. But most big countries have devised a system to create competition by forcing the phone companies to share their lines and facilities with rival Internet providers. Not surprisingly, the phone companies hate this idea, often called unbundling, and tend to drag their feet when it is introduced. So it requires rather diligent regulators to force the telcos to play fair. And the effect of this scheme depends a lot on details of what equipment is shared and at what prices. Britain has gone the furthest, forcing BT Group to split off a unit that operates the actual network and sells to various voice and Internet providers, including its own telephone service, on an equal basis. The United States was early with this sort of approach, requiring telephone companies to allow rival Internet service providers to sell DSL service using their networks. The way these rules were written, however, meant the wholesale cost was so high that providers like AOL and Earthlink couldn't offer a better deal than the telcos themselves. And the plan was largely abandoned in 2003 by the Federal Communications Commission on the theory that the country is better served by encouraging competition

Congress has been dithering over the adoption of a federal data security breach notice law for the last several years without coming to an agreement on a national standard for reporting breaches in the security of personal and financial data, but on February 17, data breach notice provisions applicable to health information were signed into law as part of the HITECH Act provisions of the massive economic stimulus legislation, H.R. 1 (111th Cong., 1st Sess. Feb. 17, 2009). Beginning no later than September 16 of this year, "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA) will be required to give notice of breaches in the security of protected health information, and "business associates" of HIPAA-covered entities will be required to report such breaches to the covered entities. §13402(a) & (b). Currently, California and Arkansas are the only states that require that notification be given in the case of a breach in the security of medical or health insurance information. The HIPAA Privacy Rule currently does not contain a requirement that individuals be notified in the event of such as breach. However, some covered entities interpret the existing HIPAA Privacy Rule requirement that covered entities mitigate harmful effects of uses or disclosures of health information in violation of either the Privacy Rule or the entity's policies and procedures as suggesting that such notice be given, and many covered entities currently provide such notification.

The more things change, the more they stay the same. Such is the case for information security management, which has been voted - for the seventh consecutive year - the most important issue affecting IT strategy, investment and implementation over the coming 12 to 18 months, according to the American Institute of CPAs' 20th Annual Top Technology Initiatives Survey. Employing a new strategy this year, the institute's 10-member tech task force distributed surveys to approximately 50,000 of the institute's members and then advertised the survey in an electronic newsletter. "We changed the voting audience," said David Cieslak, CPA, CITP and co-chair of the task force, noting that they sought responses from all institute members, without feedback from outside technology groups, as in past years. "It's a big year - our 20th - we wanted to make sure it was reflective of our membership." This year's survey received more than 700 responses, which ranked 33 technology initiatives that they perceived as having the most impact over the next 12-to-18 months. The most pressing initiative, according to respondents - information security management - is an integrated, systematic approach that co-ordinates people, policies, standards, processes and controls used to safeguard critical systems and information from internal and external security threats. "Integrity, confidentiality and the relationship that CPAs have with their clients is something that has always been important to accountants," said Mary MacBain, CPA, CITP and a task force co-chair. "Security is going to continue to be important." Jim Bourke, a member of the task force and partner-in-charge of technology at CPA and business advisory firm Withum Smith+Brown in Red Bank, N.J., said that it's no surprise to see information security management make the top slot yet again: "Look at the top three - what's the theme? Security and the concern about the privacy issues involving data. For the past few years, many CPAs ha

Last month, the digital advertising industry's use of behaviorally targeted advertising gained a reprieve of sorts when the Federal Trade Commission issued a final report confirming its earlier support of self-regulation. But some commission members remained concerned about ads that are shown to Web users based on their previous online activities, and in particular the possibility of violations of online privacy. Some form of legal restrictions may be imposed on the industry, the FTC indicated, if the online ad industry isn't up to the task of regulating itself. "Privacy is definitely the biggest concern today," said Joe Apprendi, CEO of Collective Media, an online advertising network based in New York. "There has been the concern that through such approaches as deep-packet technology, companies can leverage information through subscriber-based providers to marry anonymous behavioral segment data and identify real people. "The fact is, online advertising is subject to a higher standard that offline direct marketing tactics," Apprendi said. The FTC report, "Self-Regulatory Principles for Online Behavioral Advertising," continues to advocate voluntary industry self-regulation, in keeping with its principles governing online behavioral advertising issued at the end of 2007, despite the urgings of consumer advocacy groups that it impose rules regulating online advertising. The commission's new guidelines are based on four principles: * Transparency and consumer control. The commission advises that Web sites that collect data for behavioral advertising provide "a clear, concise, consumer-friendly and prominent statement" that the data are being collected to provide ads tailored to the user's interests and that the user has an easy and obvious way to choose whether to allow this. * Security for data retention. Companies that collect data for behavioral advertising should provide "reasonable" protection of that information and reta

Mary Kay Hoal tried everything she could to keep her daughter off of MySpace. She put password locks on the computer and blocked the site. Still, her daughter found ways to log on. Hoal's concerns stemmed from statistics that showed 29,000 registered sex offenders were on MySpace, one out of every five kids are sexually solicited online, and nine out of ten children are exposed to pornography online. When she looked for alternative safe sites for kids, she found none, so she decided to do something about it. Story continues below ↓advertisement | your ad here Click Here! The result is www.yoursphere.com, the only social networking site for kids and teens that's backed by the Federal Trade Commission through the site's Privacy Vaults approval. The site's Chief Technology officer worked at the California Department of Justice tracking anonymous online sex offenders, as well as the Megan's Law database. Moreover, it requires verified parental consent for a minor to join. Other features include: -- Requires verifiable parental consent to join -- Confirms the identity of the parent providing consent -- Confirms that the parent or guardian providing consent is not a registered sex offender -- Is exclusively for kids and teens through age 18. -- Exceeds COPPA (Children's Online Privacy Protection Act) and Federal Trade Commission (FTC) guidelines for protecting kids online through our approval by Privacy Vaults Inc. -- Whose policy is "no creepers allowed" -- lurkers are removed and banned. -- No fake profiles. (No one is anonymous on Yoursphere.com) "The bottom line is that we're the only place in the online world that that has taken extraordinary measures to help ensure the safety of its members and meets or exceeds standards set by the government," Hoal said. "Our opinion is that if it's a behavior that is illegal, immoral or unacceptable offline, then it's unacceptable online." About Mary Kay Hoal After researching the disturbing la

Netbook web surfers beware. That low-cost netbook you're using could be a high-speed gateway into your life, bank accounts, passwords and other personal data. Netbooks have made headlines since their 2007 launch, making PCs accessible to millions of non-traditional users. But their cheap cost could also carry a steep price tag due to lax security that makes them easier prey for viruses and hackers. Since their introduction less than two years ago by Taiwan's Asustek, nearly all major PC makers, including Hewlett-Packard, Dell, Acer and Lenovo, have jumped on the netbook bandwagon. But their no frills nature, combined with low computing power and relative lack of sophistication among their users could combine to create the perfect storm for hackers and virus creators looking for easy targets, analysts say. "The Internet is full of dangers, regardless of what computer you are using," said Sam Yen, greater China marketing manager at anti-virus software maker Symantec. "But keeping in mind that the netbook is primarily used to surf the Internet, those dangers are possibly multiplied many-fold, especially if there is no anti-virus software installed in the machine." Price tags as low as $300 mean that netbooks often lack such standard gear as firewalls and other anti-virus software typically found in other computers, leaving them highly vulnerable to attacks. "Frankly, netbook security is not there yet," said Pranab Sarmah, an analyst at the Daiwa Institute of Research. "The positioning of the netbook means PC brands are going to do whatever it takes to make the price point attractive to consumers, which means keeping costs low." Many netbook users are relative Internet newcomers, and may not be aware of precautions they can take to protect themselves. Low computing power also means savvy netbook users may shut down critical security programs to boost speed. "It's a Catch-22 situation," said Gartner analyst Lillian Tay. "If you're running too many security prog

Patients' advocates claimed victory in a battle over the privacy of health records as the U.S. Congress approved the economic stimulus bill, which contains $19 billion for health-care information. U.S. House and Senate negotiators' compromise reflects stricter standards that privacy advocates wanted for marketing, selling and disclosing health data. Both houses approved the $787 billion stimulus plan today and sent it to President Barack Obama for his signature. The legislation contains $2 billion in grants to create a national system of computerized health records and $17 billion in higher Medicare and Medicaid reimbursements for doctors and hospitals to adopt the technology. Electronic records will improve care and reduce costs, Obama said. The legislation also will boost the health-records industry, led by Allscripts-Misys Healthcare Solutions Inc., Quality Systems Inc. and Athenahealth Inc. "We've dramatically improved on the status-quo, wholly unregulated system where private patient data was bought and sold like any commodity," Caroline Fredrickson, director of the American Civil Liberties Union's Washington legislative office, said in an interview today.

The inability to discard worthless items even though they appear to have no value is known as compulsive hoarding syndrome. Ben Rothke explains why it's a bad habit in the world of IT security. The inability to discard worthless items even though they appear to have no value is known as compulsive hoarding syndrome. If the eccentric Collyer brothers had a better understanding of destruction practices, they likely would not have been killed by the very documents and newspapers they obsessively collected. While most organizations don't hoard junk and newspapers like Homer and Langley Collyer did, they do need to keep information such as employee personnel records, financial statements, contracts and leases and more. Given the vast amount of paper and digital media that amasses over time, effective information destruction policies and practices are now a necessary part of doing business and will likely save organizations time, effort and heartache, legal costs as well as embarrassment and more. In December 2007, the Federal Trade Commission announced a $50,000 settlement with American Mortgage Company of Northbrook, Illinois, over charges the company violated the FTC's Disposal, Safeguards, and Privacy rules by failing to properly dispose of documents containing consumers' credit and personally identifiable information. In announcing the settlement, the FTC put all companies on notice that it is taking such failures seriously. A $50,000 settlement might seem low when measured against the potential for financial harm to individuals as a result of the company's negligence, but in addition to the negative PR for American Mortgage, the settlement includes an obligation to obtain an audit, every two years for the next 10 years, from a qualified, independent, third-party professional to ensure that its security program meets the standards of the order. Any similar failures by this company during the next decade will be met with more severe punishment. That, indeed, is a

Online fraud is a $4 billion dollar a year industry. It grows as the unemployment rate increases and the jobless attempt to earn a living through whatever means necessary. Meanwhile, the Internet's footprint on the global economy and culture becomes larger every day. The expansion of fraud and the identification of this risk will create more jobs in the fields of compliance, risk management, and best practices. Who will fill these positions? For many companies looking to take action, the initial move will be to consolidate roles. Individuals in areas such as sales and marketing will absorb fraud identification, reporting, and prevention responsibilities. This will prove to be ineffective for the following reasons: 1. The sales and marketing staffs are not trained to identify fraud and they cannot keep up with the ever-changing tactics. 2. Associates are conflicted when faced with a fraud incident. They are not motivated to report fraud and their compensation structure dissuades them from reporting incidents. 3. Business goals are not aligned appropriately, which naturally moved fraud last on the priority list for the associates assigned the additional responsibilities. 4. While the internal attempt is made, no time is spent on partner due diligence and monitoring. Organizations will benefit in the long term by hiring dedicated staff. This tactic is one component of my company's Best Practice approach to doing business. My dedicated team helped realign business goals and create a culture that now embraces a higher set of standards and expectations. Staffing and training were the largest challenges I have faced in the last year. The positions were new, the skill set was specific, and as a result we received a dichotomous set of resumes. Applicants with online marketing experience had little to no experience with fraud, or they came from companies where more unscrupulous methods were used, and I was not confident those habits would be easily kicked. The app

The largest threat to online advertising is growing as the economy declines. More individuals will turn criminal, purchasing products or generating income through fraudulent means. Billions of dollars are stolen from businesses each year, and in 2009 companies will fight fraud with fewer resources.According to CyberSource, an estimated $4 billion dollars was lost to fraud in 2008 up from $3.7 billion in 2007, and 87% of merchants must fight fraud with the same or less staff in 2009. The increase in eCommerce fraud from 2007 to 2008 (and one can expect, in 2009) follows the advertisers' shift to spend more of their budget online. Much like crime statistics, one has to wonder how much fraud is not being reported because, among many reasons, commission-driven employees are not motivated or your company lacks resources.In early 2008, I was approached by our CEO to start a new division that would address our partners' fraud concerns-both real and perceived. He said, "I'm not going to lie to you. It's a SOB job." I was sold, and the Best Practices Division began.My team establishes best practices (measurable, repeatable events, processes, and procedures) and applies them internally and externally (to our partners' online marketing practices). At its core, best practices (BPs) are a set of standards that provide transparency and clear expectations of behavior and results to everyone involved in the business process. This accountability will drive the long-term performance of the online advertising industry while maintaining profitability without additional federal regulation.The BP approach can be applied to every business model and used to fight fraud-wherever you find it. Industry norm places the onus on the advertiser to successfully qualify inbound leads as well as identify fraudulent traffic. In the past, advertisers had only two options: become an online fraud expert, or hire a vendor.Only a small percentage of companies will be successful with the

The departments of Defense, State, and Health and Human Services have not met legal requirements meant to protect Americans' civil liberties, and a board that's supposed to enforce the mandates has been dormant since 2007, according to federal records. All three departments have failed to comply with a 2007 law directing them to appoint civil liberties protection officers and report regularly to Congress on the safeguards they use to make sure their programs don't undermine the public's rights and privacy, a USA TODAY review of congressional filings shows. An independent Privacy and Civil Liberties Oversight Board set up to monitor the departments hasn't met publicly since 2006; it no longer has members. Government missteps such as putting innocent people on terrorist watch lists and misusing administrative warrants, known as national security letters, "might have been dealt with much sooner if we had … cops on the beat to make sure there are standards that are being upheld," says Caroline Fredrickson, legislative director at the American Civil Liberties Union (ACLU). The lack of civil liberties officers at State and Health and Human Services is troubling because the departments hold passport and medical records, says James Dempsey, vice president of the Center for Democracy and Technology. "Security of that information is very important," he says, and these officers should monitor how it's used and shared. The Pentagon also has sparked concerns. Its Counterintelligence Field Activity office was criticized by the ACLU for wrongly tracking anti-war groups - a charge confirmed by the Pentagon in 2006. A 2007 law requires eight departments and agencies to have civil liberties officers and file reports. Justice, Homeland Security, Treasury, the CIA and the Office of the Director of National Intelligence have done so. Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, leaders of the Homeland Security committee, says departments not in compliance will b

The new year has come and gone on the Gregorian calendar. But the new year for legal technology is still in progress at LegalTech New York, where vendors are unveiling their new products and services and attendees are helping them celebrate. LegalTech attendees should revel in the number of vendor initiatives aimed at reducing e-discovery costs from acquisition to review and production. And, like last year, EDD vendors continue to design and manufacture their products for international litigation. But LegalTech is not all about e-discovery. There were still plenty of vendors with products outside the Electronic Data Reference Model. EDD PARTIES Readers should be aware that Index Engines can access and extract data from tape and tape libraries -- and can do so really fast. But now they can also extract data from network storage systems, file shares, forensic images and hard drives and still provide users a single point of access to it -- via a Web browser. Index Engines first indexes data on disparate resources. Once the index is compiled, data can be deduped, searched, reviewed and extracted on demand. Also note that Index Engines can now filter unwanted file types such as EXE, DLL, etc., during the indexing process to reduce the time it takes to review the data. Read LegalTech New York 2009 Coverage on Legal Blog Watch In preparation for the new year, Kazeon Systems introduced new pay-as-you-go pricing models that augment their current standard software licensing option and focus on case matters. Kazeon hopes the new pricing models allow customers to implement an e-discovery solution that does not require a major financial investment or lengthy rollout. Vendors are starting to "go left" of the EDRM to provide organizations a better view of the end of litigation via early case assessment tools. In fact, KPMG promoted the concept with a T-shirt emblazoned with "go left." Toward that end, Daticon EED announced the availability of its Early Case Assessment servic

Current government rules do too little to protect the privacy of people's personal health information and also hinder the use of health data in medical research, a panel of experts reported on Wednesday. A committee of the Institute of Medicine, which provides advice to U.S. policymakers, urged Congress to take an entirely new approach to protecting personal health data in research. Federal standards for protecting privacy of personal health data under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, are not doing the job, the panel said. Congress and the Obama administration are planning major changes this year to the U.S. health care system. Regarding the privacy rules, Congress should either start from scratch or thoroughly overall HIPAA's privacy provisions, the panel said. Better data security is needed, with greater use of encryption and other security techniques, the panel said. Encryption should be required for laptops, flash drives and other devices containing such data, it said. "Both privacy and health research are important. And we feel that we can strengthen privacy protections for people who participate in research while also allowing important research to proceed without unnecessary impediments," Dr. Bernard Lo of the University of California San Francisco, a member of the panel, told reporters. HIPAA governs how personally identifiable health information can be used and disclosed by health plans, health care providers and others. The intention is to protect personal health information while permitting the flow of information for health-related research and medical care. Lo said HIPAA has burdensome and confusing procedures for people to consent to have their health data used in medical research, dissuading people from taking part in such research.

The Heartland data breach is an opportunity for the US government to standardise data breach notification laws. Bill Conner, chairman, president and CEO of Entrust, claimed that following the revelation that more than 100 million credit cards could have been compromised, the government needs to continue to move quickly to standardise data breach notification laws and call for technology, such as encryption and stronger authentication, that truly protects consumer information. Conner said: "Cybercrime continues to grow and is increasingly affecting more and more of this country's citizens. To slow the upward trend of cybercrime in this country, all organisations - enterprise, consumer and even governments - need to carefully review current security approaches and identify key gaps within their infrastructures." He further called for Congress to pass a data breach notification law that better protects consumer identities through stronger data security standards with strong encryption. "This is an opportunity to do something about a security issue that impacts all Americans", said Conner.

Feds would spend $20 billion on health IT if Senate and House agree in coming weeks. The House-passed version of the economic stimulus bill includes about $20 billion in spending for health IT. The bill, known as H.R. 1 or the American Recovery and Reinvestment Act of 2009, would make Medicare and Medicaid providers and hospitals eligible for incentive payments for using certified e-health records technology. It also supports health information exchanges, standards development and conformance testing, a chief privacy officer for health IT and other aspects of health IT. The portion of the bill called the Health Information Technology for Economic and Clinical Health Act -- the Hitech Act, for short -- and health IT spending provisions passed largely unchanged from the bills introduced earlier this month. The Senate is expected to take up a similar bill in the first week of February. The Senate bill now calls for $23 billion in health IT spending. Once it is passed, a House-Senate conference will need to resolve differences between the bills. Congressional leaders aim to send President Barack Obama the bill by mid-February.

It's been four years since data broker ChoicePoint acknowledged the data security breach that put it in the middle of a media firestorm and pushed data protection to the top of the infosecurity community's priority list. Since then, the business world has made plenty of progress hardening its data defenses -- thanks in part to industry standards like PCI DSS and data breach disclosure laws (click to see state-by-state map) now in place. But the latest data breach to grab headlines illustrates how vulnerable organizations remain to devastating network intrusions. Heartland Payment Systems, the Princeton, N.J.-based provider of credit and debit processing, payment and check management services, admitted Tuesday it was the victim of a data breach some quickly began citing as the largest of its kind. The company discovered last week that malware compromised card data across its network, after Visa and MasterCard alerted Heartland to sinister activity surrounding processed card transactions. The Shadow of ChoicePoint The Heartland breach comes roughly four years after ChoicePoint announced -- as required by California's SB 1386 data breach disclosure law -- that conmen stole personal financial records of more than 163,000 consumers by setting up fake business requests. Since then, much bigger incidents have occurred, most notably the TJX data breach that exposed more than 45 million debit and credit card holders to identity fraud. Heartland President and CFO Robert H.B. Baldwin Jr. said Tuesday that 100 million card transactions occur each month on the compromised systems used to provide processing to merchants and businesses. As of Tuesday, the Privacy Rights Clearinghouse estimated that a total of 251,164,141 sensitive records had been compromised since early 2005. Up to 15 separate cases have been reported since Jan. 1, 2009.

Enterprise employees frequently use social networking tools, most notably Web-based applications. It's no surprise more organizations are wondering what happens if social networking data becomes relevant to an e-discovery investigation. How does an enterprise go about discovering and assessing Web 2.0 data? How responsible is an organization, legally speaking, for the information that's out there in the Web 2.0 world? What risks arise from e-discovery as it relates to Web 2.0 data, and how can you mitigate them? In this tip, we will look at e-discovery as it relates to Web 2.0 and consider the strongest options for minimizing risks to the organization. E-discovery basics We begin with a quick look at what e-discovery is and how it can create risk. Essentially, e-discovery is the electronic extension of the legal process of discovery, which Wikipedia defines as "the pre-trial phase in a lawsuit in which each party through the law of civil procedure can request documents and other evidence from other parties or can compel the production of evidence by using a subpoena or through other discovery devices, such as requests for production and depositions." If you're an IT person, not a lawyer, it's important to note that the rules governing the discovery process now require plaintiffs to address all electronically stored information or ESI. In other words, if your organization faces litigation, it will have to deal with the issue of e-discovery, which will entail a whole lot more than turning over some old emails. Depending upon your role in the organization, the first you may hear of this is a "notice of litigation" with perhaps a "litigation hold directive" containing a "preservation directive." Here is a generic e-discovery request below. Apart from a few limiting factors, such as subject matter, named persons and a specified time period, the scope of such a notice is likely to be broad; blame standard procedure, not some high-powered attorney pushing his or her lu