- change ups
LQ: Corporate Data Policies Needed
Professor Alan F. Blakley of Thomas M. Cooley School of Law is keenly familiar with the process of acquiring and using electronic information in the litigation process and has written a couple of books on the subject.
“One of the greatest problems in electronic information is the proliferation of it,” Blakley said. “If electronic information is not sorted, and irrelevant or old information is not destroyed, there will be an incredible amount of work and cost involved should litigation occur or should you need to find a particular piece of information.”
As Blakley notes in his most recent work, “The Digital Litigation Handbook,” corporations have complained that digital information and its use in litigation force businesses to plan their business processes based on potential litigation rather than on business concerns. His book details the issues involved in digital information — from the beginning of the creation of the information, through its discovery during litigation, to its use at trial.
“The problem that businesses face is that back when everything was paper, there was a natural limit to what you would save. There was a space limitation,” he said. “Now you can save hundreds of thousands of documents electronically in the space no bigger than your purse. It’s a lot easier to save material; consequently, when you get involved in litigation, there’s a lot more for both sides to find. It all goes back to how businesses set up their practices for e-mail and document retention and destruction, and their policy for sorting e-mail and documents and deciding what to keep.”
Some people may not be aware that “deleted” information can linger around for a while on the hard drive, thus creating a digital trail.
“If the litigation has started, and I find out you have deleted all these documents that are relevant to the litigation after it started, I’m going to start asking questions about why you deleted them, and your computer is going to be able to tell me when you deleted them. The best way to ensure that you’ve destroyed a document on your computer is to destroy the hard drive.”
Many current voicemail systems, for instance, are digital and run through the company’s server, so even after an employee deletes voicemails, they can exist on the hard drive for a time. When a computer deletes something, it doesn’t really get rid of it, it just renames the file and tells the system, “Here’s some space that you can write over if you need the space,” Blakley explained. Even “deleted” information that has been partially overwritten on the hard drive can be reconstructed with software applications that fill in missing information based on the information surrounding it. The same goes for a photo. There are computer applications that look specifically at metadata to pinpoint the whereabouts of documents and photos.
“So the very clever people that are trying to get around it can’t necessarily get around it,” Blakley said. “If a business is trying to hide something, very likely it’s going to be found. That’s even worse than just giving it up; if it’s a very bad thing and you hide it, and there’s evidence that you hid it, that’s even worse than if you just gave it up in the first place.”
One of the problems Blakley sees right now is a disconnect among IT departments, general counsel, upper management, risk management and disaster recovery. General counsel knows the law, IT knows the day-to-day technology stuff and may have actually put some policies, procedures and practices in place for document destruction at regular intervals, but upper management may not be directly connected to either of those departments and may just assume everybody is doing their job. Risk management may or may not be communicating with people that electronic information is a risk that needs to be managed and coordinated. As far as disaster recovery, if all the servers crash and burn, how will the company bring the system back up?
There needs to be communication among those various departments on a regular basis, and somebody to coordinate it, Blakley said.
“You may find that IT has a great set of policies to manage and sort documents and do the custodial-type work of throwing out the bad stuff, but disaster recovery may be backing up all the servers — maybe a couple of times a day— and keeping all the backup media for a month. If IT and disaster recovery aren’t communicating, there may be a lot of documents still existing that IT isn’t aware exists.
“Unless upper management is really committed to the process, more and more employees will avoid the rules of IT. And if upper management doesn’t understand the need for an e-mail policy and doesn’t uphold (it), employees aren’t likely to abide by it either.
“It needs to be a pervasive experience for the business,” Blakley concluded.
He recommends these five basic guidelines for electronic information:
- Know the extent of the electronic information available in your business. Whether the business is a manufacturing company, a consulting firm, a retail outlet, or a law firm, know where electronic information is likely to reside in the computer. Is it in USB thumb drives, voicemail systems, in fax or scanning equipment, or in other communications devices?
- Identify the information you have and what format it is in. Become familiar with different types of electronic information and what might exist in any one of the media being used, including “deleted” information that can be recovered, archived information, legacy data and backup media.
- Implement and enforce a reasonable electronic policy that includes a policy on e-mail and Internet use, as well as a document sorting, retention and destruction policy. Management should be committed to the policy, should ensure that employees are trained in the policy and should then enforce the policy.
- Train employees in the proper use of electronic information and e-mail. The first rule of e-mail, according to Blakley, is not to write anything in an e-mail that you wouldn’t want published on the front page of The New York Times. Beware of e-mail strings; any e-mail can be forwarded to 1,000 of the recipient’s closest friends, and the more inflammatory, the more likely it is that someone will forward it. Rule No. 2: Don’t save something just because you can.
- Learn about electronic information because it’s here to stay. If there are any terms having to do with electronic information that you don’t understand, you’re asking for trouble. Catch up on the learning before it’s too late. LQX