July 2008
S M T W T F S
    Aug »
 12345
6789101112
13141516171819
20212223242526
2728293031  

Legal Disclaimer

Your use of this Blog does not create an attorney-client relationship. Your e-mail or comments do not create an attorney-client relationship. We have no duty to keep confidential the information that is submitted to this blog. This blog is not a substitute for, nor does it constitute legal advice. Only an attorney who knows the details of your particular situation and is properly licensed in the applicable state (or states) is able to appropriately and properly address any legal issues you may have.

Blog Categories
«  
 

E-Discovery Vendors, in Texas, Who Analyze Content of Computer Files Required To Be Licensed Private Investigators

By Robert Hudock, on July 10th, 2008 Print This Post Print This Post

In 2007, the Texas Legislature passed HB 2833 (available at www.legis.state.tx.us/tlodocs/80R/billtext/html/HB02833F.htm) amending the Texas Occupations Code to include analysis of computer data as a regulated service. TEX. OCC. CODE § 1702.104. The law (as amended) includes content-based analysis of computer files as a regulated service. Computer repair or support services that perform investigative services are also required to be licensed as private investigators.

An early opinion by the Texas Attorney General interpreting a specific statutory exception for attorneys– exempts
those working for attorneys in an employer/employee relationship (e.g. paralegals) from section 1702.101. Tex. Atty. Gen. Op. GA-0275.  H.B. 2833  amended section 1702.133(b), of the Occupations Code, to provide that “a private investigator
who is working under the direct supervision of a licensed attorney satisfies the requirement of a license holder or an officer, director, partner, or manager of a license holder, to disclose information that the individual obtains relating to a criminal offense by disclosing the information to the supervising attorney.” See www.legis.state.tx.us/tlodocs/80R/analysis/html/HB02833H.htm.

Section 1702.101 requires that a person may not act as an investigations company unless the person holds a license as an investigations company. An investigations company is a person who performs the activities
listed under section 1702.104 of the Texas Occupations Code. TEX. OCC. CODE § 1702.002. A non-profit legal aid organization has recently brought an action on behalf of a computer repair company owners who believe that the amendments to 1702.104 will prohibit computer repair companies from troubleshooting and repairing customer computers. Rife
v. Texas Private Security Board, Travis County District Court (June 26, 2008)(discussion of the underlying legal theory is avaliable at www.ij.org/first_amendment/tx_computer_repair/index.html).

However, a recent opinion concluded that network vulnerability testing firms are not required to be licensed private investigators under the Private Security Act, Chapter 1702 of the Texas Occupations Code. Activities included within this exception include:

  • Scans to determine whether there are vulnerabilities within a company’s internal network;
  • War dialing;
  • Risk assessment and analysis of all computers connected to a company’s internal network; and
  • Associated reports.

The recent opinion reasoned that: “Because the Private Security Bureau does not regulate software designers, installers, or suppliers, it also does not regulate those who provide consulting services related to computer network security.”
www.txdps.state.tx.us/psb/docs/psb_opin_sum.pdf.

Based on a recent opinion the Texas Statute can potentially include e-Discovery vendors that process and review content of computer files.  In such instances the vendor would be required to be a licensed private investigators. Id. However, the recent opinion has interpreted to the Statute to with respect to e-Discovery vendors (provided the following conditions are met and only the listed activities are undertaken– the vendor would be exempt) :

  • The company must not obtain or secure data by way of an investigative analysis;
  • The company must not not analyze or review the content of the data;
  • The company may processes the data (provided by others) in order to create a database that can be searched by the lawyer/clients; and/or
  • the company may reproduce or retrieve the documents or images upon the request of attorneys. Id.

Accessing email of a given individual, analyzing temporary files, restoring deleted data based on an analysis of the file system would be prohibited activities.  It appears vendors may collect data (that does not require any analysis to collect), e.g., vendors may image computers.  After relevant files are identified by an attorney (or licensed private investigator), the vendor then may load the data into a document review platform.  Any type of forensic recovery, applying search terms, and modifying data to make said data generally avaliable — would be a prohibited. http://www.txdps.state.tx.us/psb/docs/psb_opin_sum.pdf

The relevant section provides:

Consequently, we would conclude that the provider of computer forensic services must be licensed as an investigator, insofar as the service involves the analysis of the data for the purposes described above.  With respect to the statutory reference to “securing evidence for use in court,” we would suggest that the mere accumulation of data, or even the organization and cataloging of data for discovery purposes, is not a regulated service. Rather, in this context, the Bureau would interpret the reference to “evidence” as referring to the report of the computer forensic examiner, not the data itself. The acquisition of the data, for evidentiary purposes, precedes the analysis by the computer forensic examiner, insofar as it is raw and unanalyzed. The mere collection and organization of the evidence into a form that can be reviewed and analyzed by others is not the “securing of evidence” contemplated by the statute. (emphasis added) (avaliable at www.txdps.state.tx.us/psb/docs/psb_opin_sum.pdf)

The penalties are significant, for hiring someone not properly licensed under (or not exempted) from section 1702.101.  A person who contracts with or employs a person who is
required to hold a license under section 1702.101, certificate of registration, or security officer
commission under this chapter (knowing that the person does not hold the
required license) may be fined up to $10,000 for each
violation. TEX. OCC. CODE § 1702.381 (commentary avaliable at www.legis.state.tx.us/tlodocs/80R/analysis/html/HB02833H.htm).

 Digg  Facebook  StumbleUpon  Technorati  Deli.cio.us 

Related posts:

  1. File Identification Tool — Good Product for Identifying Encrypted Files. I recently identified an excellent product for identifying encrypted files...
  2. 9th Circuit Decision in LVRC Holdings Rejects 7th Circuit’s Holding in Citrin Based on a Motivation Theory of Liability Under the Computer Fraud and Abuse Act The Ninth Circuit rejected an employer’s argument that a former...
  3. Avoiding Rule 37(f) Safe Harbor Protection in Absence of Specific Electronic Discovery Requests Information not originally thought to be relevant may become a...
  4. Analysis of Former Employee’s Laptop Can Raise Privilege Issues In Stengart v. Loving Care Agency, Inc. et al. ,...
July 10th, 2008 | Tags: | Category: E-Discovery | Leave a comment Print This Post Print This Post

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Improve the web with Nofollow Reciprocity.