Electronic Records Had Been Discarded Under Interpretation of Retention Policy
Why Allow Deletion If Government Must Later Restore Records?
A county's formal policy on e-mail destruction failed to save it from the cost of recovering deleted e-mails in a lawsuit under Ohio's Public Records Act. Like FOIA laws in other states, Ohio's Records Act requires state government agencies like counties to disclose records to citizens upon request.
The case in question is a decision by the Ohio Supreme Court, State ex rel. Toledo Blade Co. v. Seneca County Board of Commissioners, 2008 WL 5157733 (Ohio Dec. 9, 2008). Plaintiff sought e-mails of county commissioners concerning demolition of an old courthouse. The county turned over some e-mails, but plaintiff managed to show that some relevant e-mails were missing because they had been deleted. It made this showing by analyzing the e-mails that were turned over and proving some logical gaps appeared within them. Also, some commissioners admitted they had deleted some of their relevant e-mails.
Forensics Reverses Written Policy!
The county's written policy allowed each user to delete e-mail that the user deemed to be of "no significant value." (Some people call such e-mails "non-records".) Such a policy is a version of the make-a-decision style of e-mail (text and instant message) records management, where users are expected to decide the destruction/retention fate of each message.
After the court determined that some relevant e-mails must have been deleted, it observed that through the use of forensics measures some e-mails might be recoverable from commissioner hard drives. The county argued it should not be required to restore deleted e-mails because they had been deleted in accordance with the county's record retention policy, which the county had adopted in good faith. Further, the county argued that forensics measures are excessively expensive.
The court disagreed with the county. The court ordered the county to undertake costly forensics steps to search for and restore deleted e-mail records that met certain criteria – all at the county's expense.
Different Retention Policy Needed
Gadzooks! If a government agency is required under a FOIA to incur great expense to recover deleted e-mails after officials had determined -- under a formally-adopted policy -- that the e-mails were of "no significant value," then it makes no sense to let officials delete e-mails in the first place. Such a make-a-decision style of policy is unworkable because it will cause the government regularly to employ expensive forensics to recover deleted records. As a policy matter, the government is wiser just to archive copious records and take decision-making out of the hands of individual users.
I have long questioned e-mail retention policies (the make-a-decision policies) that emphasize a user examining each particular message and then deciding whether to destroy it or to keep it. But some learned people disagree with me. An argument they sometimes make in favor of the make-a-decision style policy is that it mimics how paper was handled. With paper, they argue, lots of documents came across the desk of each official. The official would decide whether to throw the paper in the trash can, or to place it in folder A, or folder B or folder C.
Yet this Toledo Blade case demonstrates that e-mail is different from paper. Even after e-mail is deleted, it can still be recovered forensically. The cost of recovery can be high, but this court forced government to incur that cost.
Technical footnote: The court ruled the commissioners had probably violated the county's policy by deleting e-mails that were of significant value, when the policy said that only insignificant records would be deleted. However, this detail should not change our understanding of the case's import. From the point of view of someone writing records management policy, the risk is ever-present that a court will second-guess users after-the-fact. Looking back at past decisions, a court can always say, "user should not have allowed that e-mail to be deleted" or "user should have placed that e-mail in retention category X rather than retention category Y." Users always make records management mistakes, and thus leave an enterprise constantly exposed to the threat of having to employ forensics (after-the-fact) to reverse user decisions. Therefore, the policy writer is motivated just to remove users from retention/deletion decisions.
Background: One of the purposes behind Freedom of Information Acts -- and public records acts generally -- is to enable citizens, FBI, police and internal auditors to investigate public officials for fraud, waste, corruption, embezzlement, conflicts of interest and misappropriation of funds. The ever-present possibility of such a probe motivates officials to be fair and honest.