Department of Corrections and Rehabilitation - Operations Manual

Cancel

Chapter 4 – Information Technology

Article 62 – eDiscovery and Litigation Hold Policy

Effective November 3, 2022

View All Sections >

49190.6 Roles and Responsibilities

  • Department Chief Information Officer (CIO) or Designee

    • The CIO or Designee owns this policy and is responsible for ensuring that all users of department information assets are aware of this policy and acknowledge their individual responsibilities.

    • The CIO or Designee is responsible for ensuring that this policy is reviewed annually and updated accordingly.

    • The CIO or Designee is required to audit and assess compliance with this policy at least once every two (2) years.

    • The CIO or Designee is responsible for establishing eDiscovery teams in order to efficiently and properly coordinate the responses to PRAPublic Records Act requests and information, audit, archive and legal proceedings.

  • Department Information Security Officer (ISOInformation Security Officer)

    • The ISOInformation Security Officer is responsible for the oversight of all department data preservation and compliance requirements and ensures that all applicable standards and guidelines are maintained and reviewed regularly.

    • The ISOInformation Security Officer shall assist in the development of data preservation, planning, and production of entity data assets.

    • The ISOInformation Security Officer shall assist the RMC, RMACs, Owners of Information Assets, and Information Asset Custodians with ensuring that data preservation, storage, integrity, and delivery meet the SAMState Administrative Manual 5310, 5310.5, 5310.6 and SAMState Administrative Manual 5305 requirements for security and privacy.

  • Department Owners of Information Assets and Program Management

    • Owners of Information Assets and program management supporting the department mission, state essential functions, or critical infrastructure shall participate in records retention processes, and ensure data is classified, labeled, and managed according to defined standards.

    • Owners of Information Assets supporting the department mission, state essential functions, or critical infrastructure shall ensure that records management is incorporated into standard business operation practices.

    • Owners of Information Assets shall ensure that all pertinent data that is required for the eDiscovery process is preserved and maintained according to the department’s defined standards.

  • Department Information Asset Custodians

    • Information Asset Custodians shall only assist with authorized data collection and preservation requests.

    • Information Asset Custodians shall ensure that the integrity of the data collection and preservation process is maintained and the request is fulfilled.

    • Information Asset Custodians shall ensure the requested data is secure and available to the legal team as needed.

  • Department Legal Counsel

    • Legal Counsel shall provide the department eDiscovery designee a written notice to suspend routine or intentional purging of relevant data including overwriting, reusing, deleting, or any other destruction of electronic relevant information.

    • Legal Counsel shall notify appropriate parties when the obligation to retain the preserved data ends.

  • Department Records Management Coordinator (RMC) and Records Management Assistant Coordinator

    • The RMC, pursuant to Gov. Code 12274, shall assist the RMACs, Owners, and Custodians of Information Assets in establishing appropriate data retention periods.

    • The RMC shall assist in training identified RMACs and entity staff in records retention.

    • The RMACs shall ensure that required data retention periods are maintained and data beyond the lifecycle of established policy is properly disposed.