Court Judges Corporation’s Record Retention-Destruction Routine

Phillip M. Adams & Associates v. Dell Inc.

Corporate record retention policies are taking a beating in court.  

Conventional policy instructs employees to look at records on a one-by-one basis and decide according to rational standards what to keep and what to destroy.  Conventional policy further provides that when litigation arises, then a legal hold is applied – that is, record destruction is suspended and relevant records are retained.  Classic records and information management (RIM) theory holds that if a corporation follows such a conventional policy, then the corporation should not be penalized in litigation for improper destruction of records.

But the theory is not holding up.  Over the past decade, legal authorities have looked askance at record destruction policies. 

At an emotional level, the attitude of authorities is, “What?  You’re telling me, big enterprise, that you don’t have any records on the topic of this lawsuit because you told your employees to destroy records (or you set up your system to destroy records automatically unless employees undertake arduous steps to preserve them)?  Explain that to me.  What is the urgency to destroy records in this digital age?   Maybe when records were paper an enterprise needed to rid itself of documents that occupy a lot of real estate and are hard to search.  But e-mail archives do not take up much physical space, and they are amenable to automated search.  I have a pointed question for you, big enterprise:  Did you as a matter of policy winnow down the number of your records so that you could achieve a general advantage in lawsuits?”  

The legal system is unhappy with an enterprise that destroys records for the purpose of positioning itself for future litigation, even litigation that is not specifically anticipated.  The system calls that behavior spoliation.

Phillip M. Adams & Associates v. Dell Inc. is a striking case.  It sanctioned a company for destroying records for some years before the lawsuit was filed or specifically threatened.  In accordance with the company's policy, employees (including an engineer or two) destroyed records, or they refrained from preserving records as the company's computer systems destroyed them. 

Storage space was limited on the company's central e-mail servers.  Servers overwrote (erased-purged) e-mail relatively quickly unless employees made special efforts to preserve them.

Although the company's policy was not fully expressed as a formal, unified document, the court was able to ascertain what the policy was from the company's deliberate practices and their effect.  Said the court, "“[The company's] practices  . . . tend toward loss of data. The practices place operations-level employees in the position of deciding what information is relevant to the enterprise and its data retention needs."

Effectively, the company's policy is what I've termed on this blog the make-a-decision style of records management, where individual employees are supposed to decide what records to keep and what to destroy.

The court essentially felt the policy was unreasonable.

Some commentators think the court made a bad decision because it runs counter to common business practice.  They speculate the court suspected bad faith on the company's part, but couldn’t specifically cite evidence to support that suspicion.  

Regardless of whether the court was right or wrong, the case is consistent with a trend in 21st century law:  the legal system is distrustful of early or aggressive record destruction.  The legal system is providing enterprises a growing basket of incentives to be more generous in retaining records, especially email.

–Benjamin Wright

Mr. Wright is an advisor to messagingarchitects.com.  Messaging Architects organizes workshops on electronic mail policy.

Surveillance Technology Changes Law Enforcement

Municipal Government Referendum on Digital Video and Photography

FOIA as Data-mining by Citizens

Computers change how police investigations work.  Take a traffic citation, for example. In the past, for a police officer to issue a traffic ticket, the officer had to be present at the scene and had to talk to the motorist face-to-face.  At an emotional level – as well as an administrative one -- the police officer was deterred from issuing tickets for minor, technical violations of traffic laws.  

For example, if an officer observed a motorist not quite clear an intersection before the traffic light turned red, the officer might think twice before chasing the motorist down and issuing a citation.  To pursue the motorist takes time away from other duties.  Then, the motorist may argue the officer’s observation was wrong.  Further, the motorist may confront the officer as a human.  The motorist may say by words, body language or the expression on his face, “you are a jerk for issuing me this frivolous ticket.” Police officers don’t like being told (even politely and subtly) that they are hyper-technical jerks.

Digital technology changes this legal proceeding.  A red light camera at an intersection transmits electronic records to a police officer (detective) who is not standing on the street, but seated in a comfortable office.  The records provide evidence that is more fixed than mere memory.  The officer can review the digital evidence in no time and issue the citation with the click of a button.  For the officer, the legal investigation and decision are like playing a dull, unemotional video game.  The officer may issue many more citations than in the past.

Automated traffic cameras can make a motorist angry.  The motorist loses the ability to discuss the situation with the investigating officer at the scene, where the motorist might talk about the danger of slamming on the brakes when a light changes.  With computer enforcement, the motorist just gets a bland notice in the mail with a photograph and possibly web access to a computer video of the event. 

Jim Ash, a citizen of College Station, Texas, feels that the dehumanization of law enforcement is an infringement of privacy, a civil right.  In our electronic age, privacy is an ill-defined notion, but it resonates with people in a democracy.

Mr. Ash is leading a grass-roots voter referendum [see Footnote] to ban red-light cameras in College Station.  He is exploiting the power that modern technology affords individuals – a web site and numerous freedom of information act (FOIA) requests for discovery of voluminous electronic records (including email) maintained by the City of College Station and other local governments in Texas.  He says he has uncovered an email from the mayor acknowledging that red light cameras will cause more rear-end collisions, while possibly reducing other collisions. (Most mayors would prefer that their email be withheld from political activists like Ash.)

Ash has collected about 1000 verified signatures from College Station voters, enough to cause the referendum to appear on a forthcoming ballot.  He plans to deliver the signatures to City Hall management in a rally scheduled for around Noon, July 16, 2009.

Ash is promoting the rally with radio commercials playing in College Station.  Following are two MP3s of the commercials.

Download See you there Track 1

Download You want to see this Track 2

Update:  The College Station City Secretary has confirmed that Ash and his team collected and delivered more than enough signatures to place the red light issue on the ballot for the next election.   Ash has formed a political action committee named Take Back Your City.

Update November 4, 2009:  According to the local TV station, the voters of College Station, Texas, voted to approve the petition initiative against red light cameras.

Update:  This photo shows workers deactivating the red light cameras in College Station, November 24, 2009:

–Benjamin Wright

Mr. Wright is an advisor to messagingarchitects.com, thought leader on electronic records and investigations in modern government.  He also delivers training on cyber defense law under the SANS Institute.

Footnote:  When I originally wrote about Jim Ash's voters' effort in College Station, I called it a "referendum," not having researched or thought about the technical difference between a referendum and a petition initiative under the city's charter or under the Texas law of municipalities.  I have since learned that the effort is a "petition initiative," not a referendum.

Electronic Mail Message Forged

Electronic Evidence | Forensics and Authentication in Police Investigation

For responsible parties like corporations and government agencies, a reason to retain all their e-mail, text and instant message records is to refute forgeries of e-records.  Thorough email archives (including each attachment) provide forensic evidence to invalidate false claims.

Just ask Australia’s prime minister, Kevin Rudd.  His political opponents tried to embarrass him with an electronic mail record purportedly from his senior advisor Andrew Charlton.  The e-mail appeared to show corruption; it appeared to show Rudd’s government conferring a business advantage to Rudd’s friend John Grant.

But fortunately for the government, it retained its own e-mail records for the time in question.  An investigation revealed that the scandalous e-mail was a forgery!  

The investigation proceeded in two steps. First it examined the alleged sender’s digital records.  “Searches by the Department of Prime Minister and Cabinet and Treasury of Dr Charlton's computer and the system of the public service had found nothing.  ‘There have been exhaustive searches conducted on Dr Charlton's computer email system and no such correspondence can be found,’ Mr Rudd said.”  

Second, the Australian Federal Police (equivalent to FBI) conducted a forensic analysis of two computers used by the purported receiver of the e-mail.  "Preliminary results of those forensic examinations indicate that the email referred to at the centre of this investigation has been created by a person or persons other than the purported author of the email," said the AFP.

This revelation of course played to the Prime Minister’s distinct advantage.  He could show that his adversaries had based their attack on misrepresented facts.

The Strategy Lesson:  Unless you are a criminal, your e-records are your friend.  Had the government been destroying its records quickly, it would not have been so capable of exposing this fraud.

–Benjamin Wright

Mr. Wright is an advisor to Messaging Architects, thought leader on ESI investigations.

US Interior Dept. Destroys Email

Printing of Electronic Mail as Federal Government Record Retention?

The Bureau of Indian Affairs (US Department of the Interior) suffered embarrassment in court for the deletion of financial e-mails by former Assistant Secretary – Indian Affairs, Neal McCaleb.  The e-mails contained important information about money the bureau was collecting and holding in trust for Indian tribes. McCaleb deleted the e-mails because his IT department allocated him too little hard disk space. Under department policy, he was expected to print important e-mails onto paper before he deleted them, but because of confusion about who was authorized and directed to do the printing, no one actually performed the tedious and unwanted task.  

Officials like Mr. McCaleb don't naturally embrace clerical duties like printing of e-mails.

The case demonstrates  

1. how legally important e-mail records can be, 

2. the folly of an IT department trying to save a couple of bucks by being stingy with hard disk space, and

3. how dangerous it is today to view printing as a way to preserve email (or text messages) need for purposes of internal control or funds management.  

See Jean Pagano, “Special Master reports findings on deleted e-mails: Department of Interior described as ‘chaotic’,” Native American Press/Ojibwe News, January 31, 2003. This matter was part of the protracted “Cobell” litigation brought by Native Americans against the Department of the Interior. Cobell v. Norton, et al. Case No. 1:96CV01285 (D.D.C.).

–Benjamin Wright

Mr. Wright is an advisor to Messaging Architects, eDiscovery experts and consultants for data restoration. 

Cull ESI

Search Costs in E-Discovery and E-Disclosure

Does the cost of filtering attorney-client communications from legal disclosures justify a policy of skimpy retention of email?  

To understand that question, we need background:  If an enterprise possesses records, it must be prepared to disclose them when required to do so by law.  Disclosure entails effort to find and compile the relevant records.  If the records are paper, the searching and compiling are performed manually.  But if the records are electronic, automated methods for searching and compiling may be available.

For records of electronic mail, modern archival technology enables easy searches, even if the number of records is large.  Search engines can make finding/compiling records rather low cost.  From a policy perspective, those low costs help to justify more complete and lengthy retention of e-mail within an enterprise.  

But wait. Some say those low costs are offset by the expense of screening out attorney communications when law requires that the enterprise disclose records.  

Is that true?  Let’s analyze the topic.

When the owner of e-mail records such as a public agency must release records under e-discovery or freedom of information act (FOIA), the owner may normally withhold those records protected by attorney-client privilege.  Why?  The law wants to encourage open communication between counsel and client and to enable lawyers to create work product outside the scrutiny of adversaries.

Given this right to withhold, a record holder naturally wants to cull out any protected attorney communications before it discloses records.  If performed manually, this detection and sifting can involve much time and expense.  Some therefore argue the holder would have been wiser in the first place not to have retained the records.  They advocate deleting e-mail records as soon as possible.  If the holder does not possess the records, they say, the holder avoids the eventual cost of filtering out the protected records.

That argument, however, ignores how rapidly search engines are advancing.  Advanced search engines employing artificial intelligence and other techniques can (so their promoters claim) outperform lawyers when examining copious records. See, Daniel Fisher, “The Data Explosion,” Forbes, October 1, 2007.  I courageously predict search engine advances will accelerate as better search methodology and algorithms are developed.  

As search technology improves, the need for expensive, manual screening for protected communications diminishes.  

Sure, search engines can make mistakes. A lady from a government agency reminded me that if a privileged e-mail slips out in a FOIA disclosure, the law provides no way to claw it back.  So her agency tediously examines e-mails before divulging them.

My reply:  people make mistakes too.  Moreover, the risk of an occasional privilege slip-up is small reason for a government agency to adopt a policy of early e-mail destruction.  While I respect the agency’s need for confidentiality with its lawyers, many other considerations suggest the agency is wise to keep generous electronic mail records. 

Another point:  is it really in the public’s interest for a government agency to place colossal emphasis on protecting its lawyer records?

As the costs drop for implementing pretty-good automated measures for screening out protected records, the argument for minimizing the size of email archives drops too.

–Benjamin Wright

Mr. Wright is an advisor to messagingarchitects.com, eDiscovery experts and backup tape restoration consultants.