Cyber Security Industry Alliance Newsletter • Volume 2, Number 6  • February 2006

Summary of Data Integrity Summit:
Legal Implications of IT Security


John Podesta,
Keynote Speaker

CSIA held the Data Integrity Summit on January 18, 2006, an event sponsored by Surety, LLC, Cooley Godward LLP, Symantec, Shapiro Sher Guinot & Sandler, Alston & Bird, and Grant Thornton. The proceedings were well attended by attorneys, IT security professionals and business executives seeking to learn more about the business and legal implications of data integrity.

John Podesta, the former Chief of Staff for President Clinton and current CEO of the Center for American Progress, launched the day with his keynote address. Mr. Podesta touched upon the need for data integrity and oversight within government, and the benefits of secure data in a democratic society.

Randy Kahn, author of Information Nation, set the stage for further discussion by defining data integrity and demonstrating its use in the business environment. He reviewed the challenges inherent in maintaining the integrity of data in this information age.

Three panels explored different aspects of data integrity. Orson Swindle, former FTC Commissioner, moderated the discussion on corporate accountability. The panel stessed the need for a company's highest authorities — right up to the Board of Directors — to address data integrity issues. The requirements put on businesses by regulatory bodies such as the SEC and the FTC will also push executives to become familiar with their organization's data initiatives.

Over 100 attorneys,
IT security professionals and business executives
attended the Summit

The second panel featured attorneys who reviewed the legal ramifications of data integrity for companies in both day-to-day operations and in the throes of litigation. Ms. Christine Palmieri, a partner at Liddle & Robinson, L.L.P., discussed her experience representing the plaintiff in the landmark case: Zubulake v. UBS Warburg. This lawsuit started as a sexual harassment case and has become well known for its determinations regarding the responsibilities of businesses to produce electronic records, including emails, during litigation.

Panelists took questions
from the audience

Technology security professionals took on the technical side of data integrity. Panelists reiterated a common theme of the day: that data integrity is not just an IT issue. It's critical, they stressed, that employees at every level of an organization understand the importance of data integrity and collaborate to create a strategy for demonstrating the integrity of data. The legal department, for example, should consult with IT professionals to develop an appropriate document destruction policy. Similarly, as soon as litigation could be reasonably expected, legal counsel should consult with executives and IT to develop a strategy to segregate and maintain documents that may be responsive to litigation discovery requests.

During lunch, Jeffrey Ritter, partner at Kirkpatrick & Lockhart Nicholson Graham, presented the business case for data integrity, a subject that had not been directly addressed by the panels. In clear and persuasive terms, he outlined the bottom line benefits of a strong data integrity program.

Federal Magistrate Judge Ronald Hedges presided over a demonstration of a "real world" data integrity scenario. A corporate CIO had to prove his firm's product data, and the IT security system in which it was housed, had not been tampered with nor had any relevant data been improperly back-dated. This portrayal pulled together the themes of the day in a very real and tangible demonstration of the value of data integrity.

In his summary of the day, Orson Swindle reminded attendees that information is the currency of the age. "Just as banks go to great lengths to secure their vaults," he cautioned, "so must business go to great lengths to secure their information."