Article Author: U.S. Attorney’s Office
May 31, 2012

SACRAMENTO, CA, USA—Michael Garcia, 39, of Stockton, was sentenced today by United States District Judge Morrison C. England Jr. to 57 months in prison for fraud in connection with computers and in connection with an access device, United States Attorney Benjamin B. Wagner announced.

According to court documents, Garcia was employed as a technician by a contractor that provided information technology (IT) assistance to third parties. While employed there, Garcia accessed the computer servers of a law firm and an accountant firm without their knowledge or authorization and downloaded the personal information of more than 1,450 clients and employees. Garcia maintained this information on his computer and elsewhere.

According to court documents, Garcia and others used this personal and financial information to make counterfeited identification documents including driver’s licenses and military identification. They used the information to open bank accounts, draft bank checks, make cash withdrawals, obtain loans and lines of credit, and make unauthorized purchases. Additionally, Garcia accompanied others who wore stolen U.S. Customs and Border Protection uniforms to carry out certain fraudulent transactions, such as cashing checks, in the belief that the uniforms gave them more credibility. When arrested, Garcia possessed counterfeit California driver’s licenses, one of which bore his photo but with the name of a victim. The loss is more than $136,000.

Today in court, an employee of the accounting firm where Garcia unlawfully accessed the personal financial information told of the severe hardship suffered by the firm because of Garcia’s actions, as well as the personal toll she experienced because of Garcia’s breach of trust. Judge England commented that identity theft cases, particularly those where there has been an abuse of trust, negatively affect many lives.

This case was the product of an extensive investigation by the Federal Bureau of Investigation and the San Joaquin County Sheriff’s Department. Assistant United States Attorneys Todd Pickles and Robin Taylor prosecuted the case.

Story reprinted from FBI Website

Article Author: Randall Beach
Twitter @rsbeach
June 12, 2012

Where is your data? If your company was asked this question 25 years ago, the answer would most likely be an easy one. Your company’s data was on the few computers it had in the office, on employees’ desks and in the file room (the physical one down the hall). Today, the answer to that question is far more complex. Your company’s data is likely stored on internal servers, cloud servers, desktops, laptops, touchpads, smart phones, social media sites and, just maybe, employee desks and the file room down the hall.

Why does the location of your data matter? America is the most litigious society in the world. That means, sooner or later, your company will be a party in a lawsuit. One of the first phases of law suits is discovery. That is when the other party is allowed to ask for and review your data. In general, when the other party asks for your data, you have to produce it.

If you don’t know where your data is, producing your data will be time consuming and very expensive. Imagine having a discovery order that requires a data review of all your employee’s smartphones, computers, and iPads! Imagine having to expand that to your company’s social media pages, or even those of your employees. If all of this imagining is not turning into a nightmare, you need to imagine harder.

E-discovery has been around since communications began to be transmitted via 0s and 1s. Discovery orders routinely include electronically stored information (ESI) within the span of items to be produced. ESI includes such things as emails, voice mails, texts, instant messages, data stored on the cloud, data stored on mobile devices, and, now, social media postings and other user generated content.

The inclusion of social media content within discoverable ESI was established in the 2010 case of EEOC v Simple Storage Management. In that case, the court ruled that social media content must be produced if it is relevant to the case at hand. Scarily, the Simple Storage court held that the permissible scope of discovery in that case included “any profiles, postings or messages (including status updates, wall comments, causes joined, groups joined, activity streams and blog entries) revealing or relating to emotion, feeling or mental state.” A shorter way of saying that would have been everything.

So what does this all mean for your company? First, your company needs to assert control over its data. There should be clear policies regulating how and where company data is stored. If you allow a wild west, anything goes, atmosphere to engulf your data, there is high potential of embarrassment and high cost.

Second, you need to make it very clear to your employees that social media is included when it comes to data control. Develop policies that protect your data from landing on social media platforms, and alert employees to the fact that social media content can be discoverable.

In the end, there will always be the risk of a rogue employee or hacker. There will always be innocent mistakes and data seepage. The critical thing is to make sure your company moves forward with eyes wide open and asserts control where it can. Make sure that most nights, you know where your data is and where it will be in the morning.

Story reprinted from Social Media Today website