« Whistleblowers and Digital Records Force Transparent Governance | Main | FOIA Meets Electronic Mail »

November 02, 2009


Feed You can follow this conversation by subscribing to the comment feed for this post.

Patrick Cunningham, CRM, FAI

In this instance, I would suggest that the spoliation has a basis in the crappy legal hold process, rather than because the judge was holding electronic records to a higher standard. Yes, electronic records leave behind much more thorough audit trails and this evidence enables closer examination of what happened to the evidence.

That said, it bothers me that we're seeing these requirements and interpretations that place a much higher standard on electronic records or that seemingly require organizations to archive completely unnecessary information in order to show that nothing has been discarded. We would never require that for paper. But we seem to be willing to do that for electronic records... because we can.

I'm beginning to wonder when someone will get spoliation sanctions because they dare to cart paper records into court. Will we need to demonstrate that the paper records were not "born digital"? What do we do when the records were created electronically eons ago and all that remains is paper? Will judges start tossing paper records because no one bothered to keep the envelopes?

This is really getting to be a slippery slope.

Now all that said, I did read the summary of the case presented by Ralph Losey that you linked. This really seems to be a case about bad legal holds and incompetent in-house counsel rather than a bigger issue about electronic records. But the issues I note above remain. If this had happened 20 years ago, would the judge have sanctioned the lawyer because the Sheriff didn't maintain the deputies' note pads and notes slipped into lockers? Clearly, the stuff that went missing was much more than scribbles on notebook paper, but part of this evolving process is also getting people to understand that the minute they touch finger to electronic device, they may be creating evidence -- not a record, mind you -- but potential evidence that will be hard to dismiss, discard, or ignore.

Frankly, with the proliferation of electronic forms of textual retention of information, we have to really start talking to employees about what they create. You would think that police officers would begin to understand that the instant text messaging capability of their data terminals should not be used to say things that will come back to haunt them... but we see this every day with much of what ends up on the Internet.

The comments to this entry are closed.

Wright's Online SANS Education

Jackson County Case Study

IT Administrators


  • Follow benjaminwright on Twitter

Custom Professional Training

Local ARMA Quote

  • "The presentation by Mr. Wright, sponsored by Messaging Architects, was engaging and provocative. He delivered insights that challenged some of our views on retaining e-mail, and definitely shattered others." - Terry Mergele, CRM, Program Chair, San Antonio ARMA.
My Photo


  • Attorney Benjamin Wright is the author of technology law books, including The Law of Electronic Commerce (Aspen Publishers) and Business Law and Computer Security (SANS). A featured speaker at industry conferences and professional meetings, Wright teaches e-discovery, data security and cyber investigations law at the SANS Institute. Mr. Wright advises clients on digital law and forensic investigations. He helps tech professional firms write engagement contracts, and otherwise manage their legal liability and right to be paid. Such firms include QSAs, auditors, blockchain analysts, penetration testers and forensic investigators. His telephone is 1.214.403.6642. Wright's e-mail is ben_wright at compuserve dot com (put "BLOG" in subject line to distinguish yourself from spam). Mr. Wright graduated from Georgetown University Law Center 1984.

SANS Quote

  • "The best professional trainer in the country on these issues is Ben Wright." --Stephen H. Chapman, Principal and CEO, Security Advisers, LLC, and student in Mr. Wright's SANS legal training


  • No public statement by Mr. Wright (blog, comment, book, article, video, speech, tweet) is legal advice for any particular situation. If you need legal advice, you should consult your lawyer.

    The purpose of this blog -- and the purpose of all of Mr. Wright's public statements -- are public education and discussion, and not the delivery of legal, technical or other professional advice. If you need advice or complete information, this blog is not the place to get it. Mr. Wright's public statements are offered as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk.

    Mr. Wright's public statements on blogs and the like are not intended to advertise or solicit legal services.

    Mr. Wright's contributions to blogs, web courses and the like constitute part of the online update service for the book The Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is a reference for lawyers, published by Wolters Kluwer Law.

    The only person responsible for Mr. Wright's words is Mr. Wright.

    Mr. Wright has received money from some organizations he mentions online, such as Netmail/Messaging Architects, SANS Institute and LabMD.

    Mr. Wright strives to comply with all applicable laws. He does not have and never has had intention to infringe the rights of anyone. If any person has any information, suspicion or belief that Mr. Wright has done anything illegal or unethical, he asks that person promptly to notify him at 1.214.403.6642, Dallas, TX. Also, please state publicly on Mr. Wright's blogs or pages that he is wrong. Promptness helps mitigate damage.

    Any person accessing this blog agrees not to use data from it (or from any other public activity or statement by Mr. Wright) in a way that is adverse to Mr. Wright's interests.

    Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly so agree. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchanging private messages with Mr. Wright does not, by itself, form an attorney-client relationship.

    Privacy/Security Vision: Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

Search Wright's Blogs

Find More on This Blog


Become a Fan

Find More on This Blog