Here's Why You and Your Clients Need An ESI Policy
When I start speaking at conferences and CLE seminars on the need for ESI Plans (also called Document Retention and Destruction Plans), eyes start glazing over. I know it is not a glamorous topic. I know that it seems like expensive drudgery. I know it doesn't seem contribute to a client's ROI. But cases are being lost because of missing and inadequate ESI Plans.
In Jerily Quon et al. v Arch Wireless and the City of Ontario, et al. the issue was text messages sent and received on City-owned pagers. These pagers had a 25,000 character limits that were sometimes exceeded. Employee text messaging was not monitored or audited, although it was supposed to be for City business and not for personal benefit or gain. Employees were told that their usage would not be audited if they paid the overage any time there was one. They had been paying the overages when they occurred.
The "bill collector" got tired of this role and conducted an audit, ostensibly to see if the 25,000 character limit was sufficient. A major point in the opinion was that the employees had a reasonable expectation of privacy because of the "no-audit-if-you-pay-overage" policy. Since several of the messages were of a sexual nature and between a husband and wife, I assume they did expect privacy.
The Ninth District ruled that the City had no right to the text messages. As with many opinions, the discussion is complex and involves multiple concepts and precedents. I'll let attorneys mull this one over, but I will comment on its practical implications.
How did it happen? The ESI policy was out of date and made no reference to text messaging. The "Bill Collector" established a policy in practice that was not in writing and not approved. The written policy was clear that employees had no expectation of privacy concerning files stored on the City's servers, but the text messages were stored on the Arch Wireless servers.
I've read at least one blog arguing that now employers have to start paying to archive anything their employees store at a third party location. It's not the third party location that is the issue, it is the ESI policy that told employees they had a reasonable expectation of privacy at that third party site.
I'm interested in hearing about what organizations are actually doing to create and update their ESI policies AND what law firms think their role should be in encouraging the practice.
