Electronic Records Management

By Alan J. Ross

Compliance training. The organization must also ensure compliance by employees. Staff must be educated about the retention policy, how it works, what their own role is in implementing the policy, and why it is important. Employees should understand the consequences—to the company and to their own careers—of either carelessly destroying or needlessly retaining data.

Documentation. The entire record retention policy, including every aspect of its adoption and the issues considered, must be documented. It is especially important that all data destruction be documented with regard to what was destroyed, when, why, and how, with the recognition that the destruction of specific records may become an issue in the event of future litigation. Thorough documentation will help the company establish the reasonableness of its actions in a court.

Enforcement. It is not enough to simply create an electronic records policy. The policy must be enforced in a way that is uniform, reasonable, and in good faith. To that end, employees should be held accountable for how well they follow these procedures, and their compliance efforts should be factored into their employment evaluations.

The company should also set up an oversight authority composed of members of the business and legal staff, as well as relevant IT personnel. This committee should be responsible for formulating the policy, communicating it to employees, and educating them on the importance of proper implementation and the actual procedures to be employed.

The committee should arrange employee training as needed and ensure that resources are in place to carry out the policy. The committee should also ensure that the policy is being followed by conducting periodic compliance reviews. It should periodically revise the policy to reflect changes in staff or organizational structure, business practices, technology, and legal or regulatory requirements.

Witness in waiting. The organization should also identify a person who will be called on to testify about the organization’s document retention policies. Most likely, this will be the person who is knowledgeable about the policy, the company’s computers, and the realities of records management at the company. However, most importantly, the person must have the ability to testify credibly in a courtroom.

The person chosen to testify would most likely to be a security professional. A company would not call its CEO or general council to testify about document destruction policies because of the obvious conflict of interest. The company’s IT professional would generally be passed over as well because of the temptation for him or her to present too much technical information to the court.

This person need not be named in the document destruction policy, but whoever is chosen should be trained to testify in a courtroom. This training does not need to be conducted in advance of a lawsuit, but when the occasion arises, detailed training is essential. Evidence presented incorrectly could be devastating to the company.

Pending litigation. A duty to preserve electronically stored records is triggered when a party learns that the evidence is or may be relevant to litigation. The duty to preserve extends to those employees likely to have relevant information in the case. The plan must, therefore, include procedures for suspending routine retention and destruction procedures for material relevant to pending litigation.

The plan should provide that documents be put on hold immediately in the event of pending litigation, and that any employees—as well as any outside counsel and directors—likely to have relevant documents in their possession, such as on computers they use or control, would be notified that they must legally retain their documents. Counsel should determine in advance how best to distribute instructions regarding a litigation hold on document destruction to employees and how to ensure that those instructions are followed.

In addition, all activities related to the litigation hold must be documented, including all advance preparation. This step serves two purposes. It helps organize the litigation hold effort, and it provides a record for potential future use in defending against a charge of inappropriate document destruction.

Counsel should instruct employees as to what must be preserved and meet with the IT department to determine the parameters of the hold. Documents should be described in broad categories, and broad timeframes should be identified.

For example, if the company is embroiled in a lawsuit with former employee Smith, counsel should inform employees to retain all e-mails that mention Smith, all e-mails sent or copied to Smith, and all e-mails that originated from Smith’s computer. Counsel should follow up with these employees to ensure that the notice was understood and is being implemented on an ongoing basis. Failure to do this can result in sanctions directed at both the company and the individuals within the company responsible for the problem.

For example, in Danis v. USN Communications, Inc. (U.S. District Court for the Northern District of Illinois, 2000), the judge found that the CEO of the defendant had “failed to implement adequate steps to discharge [his] duty to preserve documents and information that might be discoverable in this case.”

The judge recommended that the CEO be fined $10,000, although his failures had not prejudiced the plaintiff, because such a fine would, the judge said, be appropriate as a sanction to impress on the CEO the seriousness of the duty of preservation.

The court enumerated the CEO’s failures: He took no affirmative steps to ensure that documents were preserved. He failed to develop a document retention policy either in general or in response to the lawsuit. He did not inform the staff of the lawsuit or the need to preserve documents.

Privilege. In the event of litigation, companies should establish a review process that locates any documents that might contain information that is privileged or a trade secret. They should also work with opposing counsel on procedures for dealing with inadvertent disclosure of privileged documents.

Production of electronic documents increases the risk of inadvertently disclosing privileged documents in two ways: The overwhelming volume of electronic records magnifies the review problems; and electronically stored records include more information than appears on the surface.

An example of the second issue can be seen in reviewing e-mails. It is essential that the producing party review the persons designated for receipt of blind copies, which ordinarily would not appear on a hard copy. Depending on the recipient of the blind copy, privilege could be created or destroyed.

For example, if the blind copy was to the attorney or the client, the e-mail might be covered by attorney-client privilege. For example, if two business associates were discussing a matter for which they needed a legal opinion and one of them sent a blind carbon copy to the general counsel and then later asked him or her for an opinion, that communication could arguably be protected by the attorney-client privilege.

It could also be the other way around, however. The blind copy might destroy the privilege by destroying the confidentiality of the communication. It is critical to keep in mind, however, that communication can only be privileged if it is made in the context of seeking legal advice or services.

To prevent a waiver of the attorney-client privilege, the producing party must take reasonable precautions to avoid inadvertent disclosure of privileged material. Reasonable precautions may involve a specific privileged review by the company’s attorney, well beyond name searching of the documents.

Counsel should consider a negotiated protective order at the start of the case, explicitly providing that inadvertent disclosure of privileged or otherwise protected electronic information is not a waiver. And until the Standing Committee’s proposed rule requiring opposing attorneys to return, sequester, or destroy such information is finalized, counsel may also want to include language to that effect in any negotiated protective order.

Format. Companies should work with opposing counsel to determine the production format they would like any discovery materials to be in: hard copy or electronic, and if the latter, specifically which format, native or image. Historically, most documents have been provided in discovery as hard copies. Lawyers are generally more comfortable using hard copies, particularly in depositions where hard copies are essential; hard copies also allow making notations on documents or highlighting sections.

In recent years, however, the merits of electronic copies have become more evident. Electronic documents are far easier to sort, screen for key terms, and retrieve than hard copies. Electronic documents can also be loaded into a litigation support database, which can be important, particularly in large cases. In that instance, the support software may dictate the production format. 

Producing documents electronically can also be less costly and time consuming. For example, the court in the case of Zakre v. Norddeutsche Landesbank Girozentrale (U.S. District Court for the Southern District of New York, 2004) held that production of evidence in electronic format relieves the producing party from the obligation to organize those documents.

Production in native format—which means giving the requesting party a copy or clone of the format in which the document was first created—is the most likely to preserve embedded data. This format allows the requesting party to preserve metadata, clone the clone, make PDFs from the second clone, and put the PDFs into a document management program, so it’s the most commonly requested. The providing company may be fine with that, or may want to produce PDFs because it is much easier to digitize everything in one format, automatically date stamp it for organization purposes, and then produce it.

Native format documents do have some drawbacks. They are easily altered, and the review of embedded data can substantially increase reviewing time, usually with little relevant information to show for it. Typically, converting the document to PDF or TIFF format, for example, destroys the embedded data, such as information on when the document was created, last altered, last printed, and last opened. But the date and time the PDF was created is recorded, after which it’s harder to alter the data.

Embedded data, as compared to content, involves items such as formatting information on a word document. This is more time consuming to review because it means that numerous pieces of information must be reviewed for each document.

In addition, documents containing privileged information cannot be redacted to produce nonprivileged portions if they are produced in native format.

These are among the issues that counsel will consider in requesting a format. The negotiations will depend on the needs of each party.

In a short period of time, the information age has changed the face of business. And that is now altering the nature of civil discovery. Business organizations must begin dealing with these vast changes now if they are to minimize their potential liabilities and expenses in future litigation.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.