Compliance

12:20 PM
Brad Harris
Brad Harris
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Consider Yourself Served: The Rules Havenít Changed, But Technology Has

Eight to 10 individual employee lawsuits have been dismissed for failure to preserve Facebook and other social media, text messages, email, and other records connected to the case.

Each day, information technology professionals face new challenges on how information is created, retained, and preserved within their organizations. Numerous ways have been developed to accomplish these tasks and are usually sufficient. But are companies confident in their process for organizing and preserving data in a way that would hold up in a court of law?

When litigation is pending, an organization has a legal obligation to preserve information and correspondence that may be relevant to the case. In the past, preservation was done literally by collecting and boxing up documents and letters that would be needed to support the case. Today the same preservation obligation applies for litigation, yet the vast majority of documents are electronic. Collection and storage become much larger challenges. And when you add in big data, storage in the cloud, and the blurred lines between personal and business work on mobile devices, things get complicated.

More than 10 years ago, there was a landmark legal opinion about the obligations surrounding preservation of electronic data. In Zubulake v. UBS Warburg LLC, the judge issued several directives that have stood the test of time. These directives included defining the "trigger event" as once a party reasonably anticipates litigation. They describe the importance of key players, suspending routine document retention and destruction policies, and putting in place an effective litigation hold to ensure the preservation of relevant documents.

Numerous subsequent court opinions have formed the foundation regarding the duty to preserve. The primary concept is that, if we don't preserve relevant information that is evidence, we don't have a judicial system.

For example, what happens when a lawsuit is filed against your organization, information is requested, and it no longer exists? Your company has automatic document retention and deletion programs and failed to turn off the auto-delete feature. Evidence that you are required to produce, or that may be critical to defending the organization, is deleted or can't be located easily.

Failing to take reasonable steps to preserve information is considered a negligent or, worse, gross negligent action, and it is clearly unacceptable by the courts. Ten years ago, companies may not have paid attention to preservation all that often. Yet in the intervening years, a number of best-practices have become the standard on which reasonableness and good faith are measured. One guideline stands out in particular: Issue a litigation hold at the onset of litigation or whenever the litigation is reasonably expected.

Additional concepts from the Zubulake v. UBS Warburg opinion 10 years ago are now rock-solid expectations. Attorneys and company executives need to communicate directly with the key players in the litigation and emphasize the importance of preserving data. Numerous cases have since reinforced this as an essential practice.

Not just an issue for the defendants
The requirement to preserve data is not just for one side of the case. Plaintiffs and defendants both have an obligation to preserve. One recent opinion of note was issued in August 2013 in Sekisui v. Hart. The judge said the plaintiffs did not instigate a legal hold for more than 15 months after sending notice of claim to the defendants. Note that these are the plaintiffs.

In the last year or two, eight to 10 individual employee lawsuits have been dismissed for failure to preserve Facebook and other social media, text messages, email, and other records connected to the case.

So why do courts continue to revisit this issue of preserving evidence? We call this technological disconnect. Attorneys today need to understand metadata, legacy, archive, forensics, smartphones, Twitter, backup drives, etc. They have to understand all that information in order to apply the rules of procedure and discovery.

E-discovery now falls within the scope of a lawyer providing competent representation to a client. Meeting that challenge requires working with IT professionals, educating key players, streamlining processes, and paying attention to the legal guidelines set forth. Attorneys may argue that so much data makes the legal hold process complex. Admittedly, it takes time to understand and address the technological issues, but systems and best-practices have been developed for this purpose.

The risks associated with failing to respond in a timely and effective manner in response to a duty to preserve data can be catastrophic to a case. One consequence can be what is known as an adverse inference, a legal situation in which a court concludes that evidence not produced should be inferred to be unfavorable to the party being asked to provide it. Silence or refusal to cooperate can be taken as a suggestion that wrongdoing occurred, and that someone tried to cover it up. A lack of a legal hold process, or a haphazard approach to saving and preserving data, could easily yield this scenario. Courts have shown an increasing willingness to impose serious sanctions when a party ignores a duty to preserve.

Technology and mobile computing have provided fantastic tools for businesses, yet new challenges have cropped up because of them. Now we just need to implement the same advances to the solutions. The challenges created by technology can be solved by technology.

Brad Harris is VP of Legal Products at Zapproved. Brad has more than 25 years of experience in the high technology and enterprise software sectors, including assisting Fortune 1000 companies enhance their e-discovery preparedness through technology and process improvement. ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Andre Leonard
50%
50%
Andre Leonard,
User Rank: Apprentice
6/20/2014 | 2:15:33 PM
The IRS cannot even keep it's emails.
Interesting this thought about keeping emails. Not even the IRS is able to accomplish this.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
6/25/2014 | 9:48:23 AM
Re: The IRS cannot even keep it's emails.
Ha, yes. The IRS deleted the emails "accidentally, on purpose."
Becca L
50%
50%
Becca L,
User Rank: Author
6/29/2014 | 9:43:03 PM
Re: The IRS cannot even keep it's emails.
I recently heard that some years ago some governement branch intentionally never opened e-mails from the EPA that contained research documents on climate change so they didn't legally have to acknoweldge it.  Can any other institution in the world pull such a stunt? Imagine a company says, our staff didn't repsond to the data breach because we didn't get around to checking the inbox!
Becca L
50%
50%
Becca L,
User Rank: Author
6/29/2014 | 9:48:16 PM
Re: The IRS cannot even keep it's emails.
Great article, Brad. It's astounding how many ways data can be used for and against a company! The courts are increasingly aware of what data should be recorded, knowing full well how difficult it is to document and maintain. 8-10 court cases thrown out the window in two years because of something like an improperly filed Facebook post - wow! What a crazy rulebook we go by!
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
6/30/2014 | 6:10:45 AM
Re: The IRS cannot even keep it's emails.
It's similar to refusing to accept legal papers from a court (You've been served!). As long as you don't accept the papers, you have never officially been notified. However, I think the email stunt (not opening emails) may not hold up in court. After all, you 'accepted' the emails but you never opened them.
Becca L
50%
50%
Becca L,
User Rank: Author
6/30/2014 | 11:01:09 AM
Re: The IRS cannot even keep it's emails.
Ha, it's amazing how these rules and practices can be tweaked. A while back a person who refused to accept papers was served over Facebook. The judge agreed it was definitely their account, and they were definitely active users, so it was as good as any means of delivery. Actually, serving over social media is becoming a more accepted practice..  http://www.bloomberg.com/news/2011-06-06/facebook-becomes-tool-to-serve-legal-papers-on-those-who-exist-only-online.html

I also have an irrational fear of this scenario: "Your honor, I have proof the defendant scrolled to the bottom of the page and accepted the terms and conditions." NooooooooOOOooo

 
More Commentary
Business Continuity 2.0: Weíre Gonna Need a Bigger Boat
What would happen with a long-term outage to financial systems or the nationís critical infrastructure? Businesses arenít even close to being prepared.
Using RPA in Banking to Streamline Development
As the returns on outsourcing decline, firms are looking for other ways to increase efficiency and reduce costs in the IT organization. Robotic Process Automation may help.
SEC Vote Is Drama for the Masses, With No Happily Ever After
All of them hoped it would never come to this.
Driving Information Security, From Silicon Valley to Detroit
As software interacts with more and more of our daily lives, technology providers may be liable for more damages than they have in the recent past.
Big Data's Challenge: Matching Business Needs With Technology
All those bits and bytes only add up to something when theyíre organized, arranged, and made coherent.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
Stressed Out by Compliance, Reputational Damage & Fines?
Stressed Out by Compliance, Reputational Damage & Fines?
Financial services executives are living in a "regulatory pressure cooker." Here's how executives are preparing for the new compliance requirements.