Power of Proof Newsletter - August 2008
In this Issue:
Is Seeing Really Believing?
Hospital Records Falsified in Waiting Room Death Case
Improved E-Mail Management
When Legal Trouble Hits, the Delete Button Will Not Protect You
As the old adage goes, “A picture’s worth a thousand words.” However, despite the fact that most of us turn to newspapers, magazines, Web sites, and blogs to keep up with the news and we put our trust into those journalists whose job it is to bring us the latest truth to the stories, the phrase “Don’t believe everything you see” is equally important to remember. You may think fabricated images never make it into the mainstream news, but they do. After the truth surfaced about a recent photograph that depicted an “extra” Iranian missile (http://thelede.blogs.nytimes.com/2008/07/10/in-an-iranian-image-a-missile-too-many/index.html?hp), we decided to take a look into some other headlines, finding several recent examples of digitally altered images.
The digitally altered photos are a great visual representation of the danger that exists within electronic records – they can be changed subtly, and the changes may not be immediately obvious to the human eye. Like photos, e-mail chains can be edited when they are forwarded or replied to, permanently altering the record. Motivated insiders with access to software products like PDFcracker.com can easily compromise those documents. It is essential to take steps to safeguard your most important electronic records and intellectual property.
Take a look at this actual image tampering incident and see for yourself. The photograph on the right of New York Times reporter Jacques Steinberg was recently aired on Fox News' Fox & Friends. Comparing the image to that on the left, which is the original photo, it appears that Steinberg’s teeth were colored yellow and his facial features were embellished.
To see our roster of recently altered images that have made their way into the headlines, visit http://www.surety.com/news/article/is_seeing_really_believing/.
Hospital Records Falsified in Waiting Room Death Case
By now you’ve probably seen the widely distributed and quite disturbing video showing a female patient who collapsed and died in the waiting room of the hospital and lay there for more than an hour until hospital staff responded. The hospital is now facing intense scrutiny from many groups, including the American Civil Liberties Union and the Department of Justice.
Among the many allegations leveled at the hospital and its staff is one concerning the authenticity of the electronic records relating to Green’s care. The New York Civil Liberties Union states that hospital staff falsified Green’s records in an attempt to cover up the amount of time she was without assistance.
"Contrary to what was recorded from four different angles by the hospital's video cameras, the patient's medical records say that at 6 a.m., she got up and went to the bathroom, and at 6:20 a.m. she was 'sitting quietly in waiting room' -- more than 10 minutes since she last moved and 48 minutes after she fell to the floor."
Considering the severity of the allegations and outrage over Green’s death and mistreatment, it is not difficult to comprehend the employee’s motivation for falsifying the times on Green’s records. In his blog BizTechTalk, Delphi Group’s Dan Keldsen asks, “do YOUR systems support verifiable, tamper-proof audit trails? Are you synchronizing the date/timestamps of related systems, such as in this case, video surveillance?”
Keldsen goes out to ask his readers scary but important questions such as “can people back-date contracts in your organizations? Invoices? E-mail messages? If you need to roll-back your entire systems to a certain point in time to see exactly what offers were made to who and when, could you do it?”
This, of course, is a dramatic example of the importance of digital time-stamping. Though most companies do not deal in life and death matters on a daily basis, it’s critical to remember that someone could always have motivation to manipulate your electronic records and the results could lead to litigation, regulatory investigation or any number of other harmful consequences.
There’s no denying that e-mail continues to be the lifeblood of nearly every organization. Legal and regulatory bodies have made their expectations for the preservation of email records abundantly clear through high-profile case decisions and recently enacted regulations that their expectations for the preservation of email records. Coupled with the ease with which email – and other electronic records – can be manipulated, courts and regulators now expect each individual organization to carry the burden of authentication for its email records. Organizations that fail to take action and ensure the security of their email records face stiff fines and risk the inadmissibility of their electronic evidence during litigation, non-compliance and lost IP.
Frighteningly, according to a survey conducted by the Association for Information and Image Management’s (AIIM) Market Intelligence Group, “only 49% of businesses can say with confidence that their electronic documents are accessible and accurate,” it’s obvious that we aren’t sure. To help us out, AIIM offers some tips to keep in mind when developing an email management strategy.
- Making Policy – Ensure that all employees understand that corporate emails belong to the company and that privacy rights are little to none.
- Document Retention and Archival – Make sure your document retention policies are up-to-date and that email records are easily accessible.
- Consider Encryption – Take into consideration the option of encrypting files, as it will save you from worrying where your communication ends up.
To this list, we’d add that organization’s must be able to authenticate email records to ensure their admissibility as evidence during legal, regulatory and patent proceedings
When Legal Trouble Hits, the Delete Button Will Not Protect You
Even if a company has all its corporate e-discovery rules and guidelines in place, a portion of its fate lies in the hands of employees. With all the forms of electronic communication employees engage in, there’s an overwhelming amount of evidence out there that needs to be properly managed. The best way to make sure all that data is safe and appropriately archived is to follow strictly your retention policies and keep in mind the author’s suggested steps, intended to help you survive the e-discovery process.
- Don't destroy documents if you're facing a lawsuit
- Develop a document retention and management policy
- Protect sensitive information
- Know the law
- Provide training
- Enlist the help of the IT department
- Penalize violators
- Consult an attorney
We would add one more tip for anyone looking to implement a truly effective e-discovery plan – make sure that electronic records are properly authenticated so that they can be admitted into evidence.