Computer Forensics & E-Discovery Specialist : Electronic Evidence Retrieval L.L.C. : Data Recovery, Hard Drive Retrieval, Deleted Files : New Orleans, Louisiana

When I start speaking at conferences and CLE seminars on the need for ESI Plans (also called Document Retention and Destruction Plans), eyes start glazing over.  I know it is not a glamorous topic.  I know that it seems like expensive drudgery.  I know it doesn't seem contribute to a client's ROI.  But cases are being lost because of missing and inadequate ESI Plans.

In Jerily Quon et al. v Arch Wireless and the City of Ontario, et al. the issue was text messages sent and received on City-owned pagers.  These pagers had a 25,000 character limits that were sometimes exceeded.  Employee text messaging was not monitored or audited, although it was supposed to be for City business and not for personal benefit or gain.  Employees were told that their usage would not be audited if they paid the overage any time there was one. They had been paying the overages when they occurred. 

The "bill collector" got tired of this role and conducted an audit, ostensibly to see if the 25,000 character limit was sufficient.  A major point in the opinion was that the employees had a reasonable expectation of privacy because of the "no-audit-if-you-pay-overage" policy.  Since several of the messages were of a sexual nature and between a husband and wife, I assume they did expect privacy.

The Ninth District ruled that the City had no right to the text messages.  As with many opinions, the discussion is complex and involves multiple concepts and precedents.  I'll let attorneys mull this one over, but I will comment on its practical implications. 

How did it happen?  The ESI policy was out of date and made no reference to text messaging.  The "Bill Collector" established a policy in practice that was not in writing and not approved.  The written policy was clear that employees had no expectation of privacy concerning files stored on the City's servers, but the text messages were stored on the Arch Wireless servers. 

I've read at least one blog arguing that now employers have to start paying to archive anything their employees store at a third party location.  It's not the third party location that is the issue, it is the ESI policy that told employees they had a reasonable expectation of privacy at that third party site.

I'm interested in hearing about what organizations are actually doing to create and update their ESI policies AND what law firms think their role should be in encouraging the practice.

• Email This
• Print
• Comments & Questions
• Trackbacks (1)

I've been concerned about the "safe harbor" rule in the FRCP e-discovery amendments.   The amendments acknowledge that it is normal to destroy ESI.  Examples include updating an address in a database, recycling backup media, and overwriting deleted files.  The rules say that if you are in litigation, if you have deleted relevant ESI, and if you can demonstrate it was done in the routine course of business and in good faith, then the safe harbor rule protects you from sanctions.

The way to do this is with a Document Retention and Destruction, "DRD" policy plus a monitoring plan that shows that you follow the policy.

Large organizations who are regularly in involved multiple litigations quickly understood the need for positioning themselves to take full advantage of the safe harbor rule.  But smaller companies don't always understand the importance of bringing their business practices into compliance.

I urge attorneys to do their clients a favor and tell them about this risk.  Small "Mom and Pop" businesses can get by with a Word document and a spreadsheet.  Larger organizations will require larger systems, but there are many options available.

Have your clients look at it this way: keeping old materials out of their files and hard drives is good business. They save money, have less risk of exposing confidential information, need new computer storage less often, and have the peace of mind that if the unthinkable-the dreaded litigation-comes along, they are prepared and protected. I tell my clients that systematically destroying old documents is like brushing your teeth twice a day, good business hygiene.

Savvy judges are on the DRD bandwagon: "I'm telling you, as long as you have a defensible, documented plan for ESI in place, you shouldn't have to worry…." Judge Lee H. Rosenthal of the U. S. District Court for the Southern District of Texas.

• Email This
• Print
• Comments & Questions
• Trackbacks

In Perfect Barrier LLC v. Woodsmart Solutions Inc., 2008 WL 2230192 (N.D. Ind. May 27, 2008), Perfect Barrier provided search terms and requested that Woodsmart provide all emails containing those terms.  The production was voluminous, 75,000 emails, and provided in native form.  After losing a motion on the categorization of the emails, Perfect Barrier then sought to force Woodsmart to reproduce the emails in hardcopy!  A motion that they also lost.

What strikes me about this is the oddity of asking for hardcopy when Perfect Barrier had the emails in an electronically searchable form with their metadata intact.   There are many tools to work with the emails electronically--providing searching and sorting at a minimum.  They were much better off with the emails as produced.

As I've advised before, there are two lessons to be learned from this case.  First, your initial discovery request for ESI should include the form in which you want it produced.  And secondly, to avoid excess production, test your search terms before turning them lose on the documents.  As Magistrate Judge Paul Grimm said, "All keyword searches are not created equal."

• Email This
• Print
• Comments & Questions
• Trackbacks