Tips For Complying With E-Discovery Retention Requirements

Friday, June 1, 2007 - 01:00

Editor: Please tell our readers about your professional experience and how it enhances your ability to assist clients with e-discovery?

Herman: My background has always been in technology. In college, I enjoyed math, particularly the application of mathematics to real-world problems, so I found myself studying engineering. When I graduated, I worked as a structural engineer for Boeing, helping to design the wing and tail structure on the 777 aircraft, a process that was completely computerized. While working on that program, I became even more interested in computers, databases, web design and everything it takes to make computer technology work. During that time I obtained a Masters degree in Computer Science and an MBA in Management Information Systems, which expanded my knowledge and understanding of how computers were used in the business community to solve problems and make employees more productive.

I began working on e-discovery matters as a contract database administrator for a small Seattle-based company, charged with maintaining and ensuring the accuracy of the review environments used by attorneys to organize and produce large quantities of documents. My engineering, computer science, and business degrees and experience allowed me to establish a very methodical process for resolving issues relating to the data processing and document review lifecycle. My career in e-discovery continued to evolve from that point.

Editor: Would you tell our readers about UHY Advisors' Forensic, Litigation & Valuation Services (FLVS) and the e-discovery services it provides?

Herman: UHY's FLVS practice provides litigation support services for attorneys encompassing all facets of the litigation process. Not only do we have e-discovery and Digital Forensics experts, but we have a Global Investigations group, damages experts, forensic accountants, and valuation experts. We specialize in intellectual property, internal investigations, and antitrust cases, and have an abundance of similar professionals that work with litigants throughout every phase of the litigation lifecycle. We truly are a one-stop-shop for just about anything a legal team would need to mount a proper defense.

I spend a lot of time with corporate clients, helping them to develop and institute records management and retention plans, develop litigation response plans, and remediate large quantities of "old" data that may still be sitting around, long after its usefulness has passed.

Editor: What are the most common mistakes that you have seen companies make when managing electronic data?

Herman: There are two principle areas where companies get in trouble. First, at the onset of litigation, companies need to ensure that their employees are preserving documents that may be potentially relevant to the matter at hand. It is important to let people know so that they do not delete important emails and so that IT can stop any automatic "purging" of potentially relevant information from the company's data storage systems.

The second area where companies get in trouble is that they often underestimate the volume of electronic data that they have. The most common metric I see used in this industry is that one gigabyte of electronic data translates to about 75,000 pages of paper. To put that into perspective, the average employee has between two to five gigabytes of data on their PC. If you multiply it out, that is a lot of information that needs to be stored and managed - and that is just one computer.

Editor: Would a records retention policy assist in dealing with these issues?

Herman: Absolutely. We work with clients to help them institute policies suitable for their needs. The challenge is to develop a policy that incorporates the unique aspects of each client. Each business unit may have a need to maintain records for a specific period of time. For instance, tax documents, HR-related information, and other key regulatory records must be retained for a statutorily defined period of time. These records, combined with others that may need to be retained for operational purposes, all have to be retained for a specific period of time, but should not be held any longer. In addition, there needs to be training for workers who may be used to doing things a certain way. Anytime there is a shift in paradigm there needs to be training to ensure that employees understand what is expected of them and the reasons for doing things a certain way.

Editor: In your experience, which departments within an organization are best suited to oversee a company's document retention policies?

Herman: It is important to have input and buy in from all the departments within the organization. Each department has documents that will be subjected to the retention policy, so each should be involved as the "owner" of those key documents. It may be the responsibility of the IT group to make sure that information is stored and properly maintained, however, there must be an individual from each business unit charged with managing the information. It's not fair to leave that responsibility solely in the hands of the technical folks.

Editor: Are there advantages to having the legal department oversee the entire records retention policy?

Herman: The legal department's management of the policy prevents the types of miscommunications that can take place when litigation hits the organization. If the legal department is familiar with the records retention program, including the procedures undertaken to put it in place, and audits it on a regular basis, they will be able to make appropriate representations to the other side. If they are not involved in the records retention process, there is a higher potential for miscommunications and misrepresentations to opposing counsel during the discovery phase of trial.

Editor: What benefits would a consultant bring to the overall management of that policy?

Herman: One of the advantages of working with a consultant is that bringing someone in from the outside shows that the company has bought into the process. The fact that the company has allocated a portion of budget to make this happen carries a lot of weight within an organization. Another benefit is that outside experts offer an objective perspective and an abundance of experience when it comes to a company's process for retaining information.

Editor: Do you advise companies to store information on one centralized location and avoid personal storage?

Herman: Documents should be stored in centralized locations to reduce the number of duplicate copies within the organization. If everyone made it a regular practice to synchronize their information with a central repository, it would be easier to locate data during litigation because it will be maintained in one place. Now, in reality, the central storage idea is sometimes hard to institute. The key to this element of a records management and retention policy is to find a common ground between true centralized storage and the needs of the individuals that would be subject to such a policy. I have yet to encounter a situation where some sort of hybrid solution cannot be formulated.

Editor: Are there benefits to storing information in a native format?

Herman: The amended Federal Rules of Civil Procedure require documents to be produced as they are stored in the normal course of business unless both parties agree to some other form of production before hand. Additionally, there is generally a lot of cost associated with converting native documents to other formats. By retaining information in the native format a company can comply with production requirements and avoid such costs.

Editor: What should companies do to ensure that employees adhere to their data retention requirements?

Herman: The key is to establish a policy that is simple enough for everyone to follow. If the policy does not make sense, people will not put in any effort to adhere to it.

More importantly, the IT department needs to be involved because it has the power to establish policies that can govern employee behavior. They can modify computer systems and account permissions to determine where people can save information and the parts of the network they can access.

Editor: Companies are required to manage data contained on mobile devices as more workers communicate through these systems. What advice do you have so that they can best manage this information?

Herman: It is important to remember that most mobile devices are generally a mirror image of your email mailbox. If those devices are used and set up properly, the information they carry should be duplicative of the information in your mailbox. The challenge comes when people change the settings on that device allowing it to save emails, files, and pictures that do not exist elsewhere. When employees change those settings, companies may have to undertake the additional costs and burdens of collecting the information stored on those devices as part of litigation.

Text messaging through cell phones and instant messaging from computer to computer are posing new challenges for companies as it becomes an increasingly popular method for people to communicate. The challenge is that the cell phone or PC is the only place where the messages are stored. All of a sudden companies are faced with a problem of a similar magnitude as email. To reduce the impact of these activities companies can establish policies prohibiting the use of text and instant messaging on company-owned devices, or they can provide an instant/text messaging service that can be logged and stored like email. For instance, Microsoft Outlook includes Microsoft Messaging for instant messaging. Using this system for employee chat allows the IT group to record and retain conversations in the same manner and for the same period that they would an email message.

Editor: Rule 26 of the FRPC protects companies from having to undergo the burden or cost of retrieving inaccessible information. Is it possible to make the distinction between accessible information and that which is "not reasonably accessible" given the growth in technological capabilities?

Herman: The amended rules include committee notes with specific examples of what is inaccessible information. Granted, these examples are not part of the actual rules, just committee guidelines, but they do help. First, any information that was deleted during the normal course of business, outside of the context of litigation, would be considered inaccessible. So, if information is deleted as part of a company's records retention policy before a litigation hold was put in place, they would not have to undergo a "forensic" process to retrieve that information. Also, the notes distinguish between backup tapes maintained for disaster recovery purposes and those stored for any other reason. Tapes kept for disaster recovery purposes are generally not accessible as long as the information contained within them is available on the "live" systems. The key is to understand the definition of disaster recovery. By definition, backups kept for disaster recovery purposes are those used to recover a system in the event that something happened to the servers. Now, there will be an issue with backup tapes held for a long period of time. It is difficult to conceive that a company would restore a system that "melts down" with backup media that is more than several weeks old. All of the information created by the company between the time the backup was created and the disaster event would be lost.

Additionally, as in a lot of cases, if the company makes it a regular practice to restore those tapes to get emails or files that were accidentally deleted by company employees, they cannot declare the tapes inaccessible in the context of a litigation because they make the regular practice to "access" them. The application of Rule 26 in a litigation context is really a case-by-case analysis and is going to be based on the technology in use, the policies with respect to those backups, and why those backups are kept.

Please email the interviewee at douglash@uhy-us.com with questions about this interview.