Ads touting the benefits of cloud computing and the “cloud readiness” of software products are visible in airports, print media and on TV, and surveys predicting the rapid adoption of cloud computing solutions appear regularly. But how do cloud computing solutions affect the production of electronic documents and information in a litigation setting?

Smart Business spoke with James P. Martin, CMA CIA CFE, managing director of Cendrowski Corporate Advisors, regarding the issues that can arise when attempting to obtain information when a party has information stored in the cloud.

What is cloud computing?

Cloud computing describes an IT model in which computing resources can be obtained and utilized on an as-needed basis; this is why cloud computing is often referred to as ‘utility computing.’ The end user is provided a turnkey solution that is supported and maintained by the service provider at a remote location.

Cloud computing is enabled by rapid, reliable Internet communications, and, in fact, ‘the cloud’ is a term referring to the pool of resources hosted on the Internet.

What are some common cloud solutions that should be considered in litigation?

Cloud computing applications include hosted email products, such as Gmail or Hotmail, picture hosting services, text message services, hosted document processing, as well as social media services such as Facebook, Myspace, or dating sites. These sites would potentially have data that could be relevant to the litigation.

How does a cloud solution affect electronic discovery?

Moving to a cloud computing solution does not remove an organization’s document retention requirements, and many cloud solutions tout their ability to help the organization meet statutory requirements.   If the cloud vendor performs services to the public, access to the data stored in that solution would be subject to the restrictions of the Stored Communication Act.

It is also important to understand that this is an emerging area of law. Third-party solutions are evolving rapidly, and social media services are creating issues and carrying information that was inconceivable a few years ago. The legal system is dealing with emerging issues related to these new technologies and case law is changing rapidly.

via How electronic discovery during litigation is impacted by information stored in the cloud | Smart Business.

Why “Password1″? Because “it satisfies the default Microsoft Active Directory complexity setting,” the IT security research firm noted. In other words, it’s got a capitalized letter, a number, and the requisite number of characters to qualify under basic password security settings.

via ‘Password1′ is the No. 1 Password Employed by Business Users | News & Opinion | PCMag.com.

Designed to staunch the bleeding of capital from the U.S. to secret bank accounts, FATCA is clamping down on overseas earnings but its unintended consequences are threatening to undermine investment in the U.S.

Buried within the $17.5 billion Hiring Incentives to Restore Employment (HIRE) Act, the Foreign Account Tax Compliance Act of 2009 (FATCA) was signed into law on 18 March 2010- a prosaically named act with potentially calamitous consequences.

With substantial extraterritorial effect it will make financial institutions the world over U.S. Treasury watchdogs – tracking and recording the flow of U.S. source income irrespective of location. It also has the potential to impinge upon a wide range of transactions (e.g. derivatives) which have no ostensible connection to the U.S. at all.

via Foreign Account Tax Compliance Act threatens investment in the U.S..

FIPS is a U.S. government standard certified through the National Institute of Standards and Technology (NIST). The standard treats a certified device or application as a cryptographic module, and a FIPS certification means the modules meet strict security and interoperability standards. FIPS certification is required for many branches of the government and its contractors, as well as for private industries that collect and transmit Sensitive But Unclassified (SBU) information.

“Samsung proactively sought FIPS certification to show our current and potential government and business customers that we take their security and interoperability needs seriously,” said Cho BumCoo, a Samsung vice president, in a statement.

via Samsung Galaxy Devices Get Important Security Clearance | PCWorld Business Center.

The FTC announced on Tuesday that it had provided Epiq (NASDAQ: EPIQ) early clearance of antitrust concerns to buy De Novo Legal LLC.

Epiq, a software company that supports the legal profession in electronic discovery and document review services, ranked 20th on the Kansas City Business Journal’s list of area public companies, based on revenue of $247.17 million in 2010.

Representatives of Epiq and De Novo could not be reached immediately for comment. A De Novo employee declined to answer questions about company details, including a current employee count, saying that there had been recent changes.

via FTC clears Epiq’s planned purchase of De Novo Legal – Kansas City Business Journal.

Gifts can be particularly problematic for antibribery compliance programs. Thirty-eight countries have adopted the Organisation for Economic Co-operation and Development’s Antibribery Convention and enacted laws against foreign bribery. Both the FCPA and the U.K. Bribery Act prohibit gifts intended to influence decisions to award business or gain an improper benefit from foreign political or government officials, including employees of state-controlled entities. The U.K. Bribery Act and the U.S. Travel Act both outlaw commercial bribery involving gifts intended to influence business decisions.

via How to Keep Your Company Off of the Government’s Naughty List.

What is E-Discovery?

E-discovery is a broad term used to describe any situation in which electronic data, such as email or internet postings, are sought in a criminal or civil case. The discovery process allows plaintiffs and defendants to exchange information during pretrial preparation, and the court will actually compel information to be turned over if it’s relevant or “probative” to the case.

In days past, discovery was limited to phone records, paper documents, and the like, since those were all that existed. Records were available only of the things people had chosen to write down, and the extensive amounts of paperwork turned over in cases were cumbersome to go through.

Today, however, e-discovery is changing the game. According to figures compiled in a recent Law.com2 article, Twitter users send more than 200 million status updates every day, and people on the internet send 13,800,000 messages every single hour. All these tweets and emails and instant messages and Facebook posts and chats that are flying around cyberspace create a written record of things that might otherwise have been discussed over the phone or in person. Because the records are digital, all of the data and information are stored somewhere and rarely eliminated, no matter how hard you try to get rid of the data. Further, the digital format makes it easy to sort through data quickly to find relevant information.

These online communications are generally not privileged except in certain unusual and limited circumstances. This means that all of these records can be accessed as part of e-discovery, and they can have a significant impact on litigation by providing evidence of things that otherwise might have been unprovable. For example, according to USA Today,3 the twins who sued Facebook CEO Mark Zuckerberg argued that evidence existed in instant messages that would prove that Zuckerberg had stolen the idea for Facebook from their own website plan. Although a judge dismissed the twins’ suits, it’s easy to imagine a case in which a message sent and forgotten many years ago could be uncovered and used in litigation.

via E-Discovery: What Businesses Should Know | The Small Business Authority | Small Business Services and Small Business Solutions.

FINRA was formed in 2007 from the consolidation of the National Association of Securities Dealers (NASD) and member regulation, enforcement and arbitration operations of the New York Stock Exchange. It is the largest non-governmental regulatory organization for securities brokers and dealers doing business in the United States. The MOU joins others maintained by the OSC with regulators such as the SEC and the China Securities Regulatory Commission.

The deal is expected to enhance the ability of both regulators to oversee securities firms and markets. The arrangement will facilitate the exchange of information on firms and individuals under common supervision and support collaboration on investigations and enforcement matters.

via Regulators to cooperate on cross-border compliance concerns.

The FCPA is our nation’s effort to prevent companies from bribing government officials to secure business in a foreign country. Companies found guilty of paying bribes, or of failing to accurately describe the bribes in their financial records, have had to pay billions of dollars in fines and have faced the possibility of debarment from government contracts. Why so much money? Under U.S. law, companies are responsible for the acts of their employees even if management is unaware of the employee’s conduct. A typical scenario involves a company executive hiring a foreign consultant to help negotiate a contract with a particular ministry for the sale of a product or service. Unknown to management, the consultant’s fee includes a bribe to a foreign official.

Although intended to level the playing field, the FCPA has actually made it harder for U.S. companies to compete in the marketplace. Money that a company could have used to hire employees, build plants and market its products has been diverted to efforts to show that any illegal conduct was the act of a rogue employee.

If the bribe is uncovered, the company has no defense to criminal liability. Even though the bribe was not authorized by management, no one in management was aware of the bribe and the bribe was specifically against company policy, the company is criminally responsible. The only thing the company can do is try to convince the government not to charge it with a crime.

How does a company do this? Primarily by showing the U.S. Department of Justice that the company had a compliance program designed to prevent such conduct. Companies must evaluate their business environment to identify areas where unlawful conduct might occur. Such an evaluation must include an examination of the business culture of the foreign nation and even a boots-on-the-ground investigation of the company’s foreign partners or intermediaries. Companies must promulgate policies that detail permitted and prohibited practices, and employees must receive regular training on permitted practices and the penalty for noncompliance.

via Reform the Foreign Corrupt Practices Act.

The guidance allows that cyber risk is uncharted territory.1 “Although no existing disclosure requirement explicitly refers to cybersecurity risks and cyber incidents,” explains the Division, “a number of disclosure requirements may impose an obligation on registrants to disclose such risks and incidents. In addition, material information regarding cybersecurity risks and cyber incidents is required to be disclosed when necessary in order to make other required disclosures, in light of the circumstances under which they are made, not misleading.”2

Gauging what degree of risk rises to the level of materiality not unsurprisingly remains a judgment call. The Division suggests prior cyber incidents, their severity, their “quantitative and qualitative magnitude,” and the possible costs and consequences as factors underlying proper evaluation.3 Still, the risks should be identifiable and not descend into yet another element of boilerplate disclosure.4

The Division has proposed non-exhaustive examples of the kinds of cyber risks and incidents appropriate for disclosure. These topics include:

Discussion of aspects of the registrant’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences;

To the extent the registrant outsources functions that have material cybersecurity risks, description of those functions and how the registrant addresses those risks;

Description of cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences;

Risks related to cyber incidents that may remain undetected for an extended period; and

Description of relevant insurance coverage.

via Cybersecurity Disclosures: The SEC Wants Them and Wants Them Now.