The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime, a seasoned corporate executive who built and operated information security teams, and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate for and advise Boards of Directors, CIOs, CISOs and General Counsel on how to legally protect their company from cyber-related risk.

Blog Entries


 

Legal Hold Doesn't Mean Hold On To Everything Indefinitely!

It’s funny being able to speak multiple languages: you can see firsthand how terms are misconstrued and interpreted in various ways. In-house counsel says to IT, “Place a legal hold on all things related to our case with Company A.” The IT person says, “The lawyers said do not delete anything!”

You know the problem, right? The fact is that data management is a challenge on a good day! Even if a company thinks it knows where all the relevant data is located, it cannot be certain that the same data doesn’t exist in an unstructured format, i.e., email, spreadsheets, Word documents, etc. That is why the knee-jerk reaction from IT is to not delete anything! They want to keep it… just in case. But once the hold is lifted, who is responsible for going back and pressing delete?

Data management can be defined as an administrative process that includes acquiring, validating, storing, protecting, and processing data. It also includes data classification and data destruction. Companies will always have difficulty with data management because day-to-day operations do not necessarily support the concept of centralized management of data. To do their jobs more effectively and efficiently, employees often take the data out of the database and use it in places where they can manipulate it, like a spreadsheet. Once the data is moved out of the central repository, control is lost. Lost control means you can’t place a legal hold on it.

In the past I have often given the advice that organizations should establish the business practice of routinely deleting data after a certain amount of time. If all data that is over 90 days old is deleted as a matter of business practice, you don’t have to worry about the information bloat that can happen. Stay lean so when the legal hold is ordered you only have to worry about the data that falls within the 90-day business practice.