Why Your Business May Be At Risk SEVEN Misconceptions About Electronically Stored Information, Recent Electronic Discovery Amendments To The Court Rules, And The Direct Impact These Issues May Have Upon A Business

Sunday, July 1, 2007 - 01:00

Nearly all information now being created and stored by businesses is created and stored electronically. Paper files are becoming things of the past. It's no wonder that federal and state commissions have amended court rules to recognize this trend, and imposed new obligations on businesses (big or small) regarding electronically stored information ("ESI").

The impact of these new court rules goes far beyond those businesses actively involved in litigation; yet businesses continue to remain unprepared to manage these new ESI obligations. A recent survey found that only 7% of corporate attorneys consider their companies prepared for these changes.

The new electronic discovery ("e-discovery") rules represent the courts' first formal attempt to address real-life problems faced by trial lawyers in dealing with rapidly spawning electronic records. These rule amendments require businesses to: (1) understand their technology and keep track of ESI; (2) suspend routine ESI deletion policies when a lawsuit is anticipated or risk exposure to severe sanctions, and (3) be aware of these new obligations.

Here are seven common misconceptions businesses have about their obligations:

Since we are not presently involved in a lawsuit, there is no need to concern ourselves with these new rules. There need not be an active lawsuit for there to be an obligation on a business to preserve ESI. Courts recognize that ESI is prone to loss because computers are repurposed or taken out of commission, backup tapes are reused and sometimes lost, and/or massive amounts of e-mails are routinely deleted. It can be time-consuming and expensive to reconstruct lost evidence after a lawsuit is filed. Businesses are held to a heightened obligation to preserve ESI as soon as a lawsuit is "threatened." A business that waits to be sued before it begins to act does so at the risk of significant monetary sanctions.

If we're required to save data every time a lawsuit is threatened, our company would be crippled; we'd lose our business. The new rules recognize this problem and provide that a party preserve only relevant ESI. While there is no duty to keep every document in your possession, your business is under a duty to segregate and preserve what it knows or reasonably should know will likely be requested in a foreseeable lawsuit.

We don't have to worry about these new rules because our lawyers will address any issues that may arise during litigation. Waiting to be sued before you focus on your ESI obligations is too late and will be more costly in the long run. You cannot implement a plan of action after key evidence has been destroyed. You must understand your technology now and create procedures that demonstrate that you have a plan of action to preserve potentially relevant ESI if a lawsuit were to be filed. This plan should also include creating an ESI team (GC, IT, HR, Risk Managers), who will notify and educate employees on what to do when faced with a potential lawsuit.

Even if we accidentally were to lose relevant ESI evidence, the loss would not have been intended to destroy harmful information; surely courts would understand. Even accidental or innocent loss of relevant ESI is sanctionable when it could have reasonably been prevented. Courts have sanctioned companies for "innocent" destruction of ESI where there was no ESI preservation plan in place. Courts have compelled businesses to restore lost data. In one instance, it cost a company $9.75 million to restore its lost data. Fortunately, the rules do allow a "safe harbor" that provides limited protection against sanctions for a business' inability to provide ESI that has been lost due to routine operations of an ESI system. However, this safe harbor is available only to those who lose data during normal operations which are part of a "routine" procedure and done in "good faith."

Many of our employees work from home and use their own PCs; therefore, we don't have to worry about those computers. The new rules widen the scope of ESI to include personal home computers, cell phones, copy and fax machines, voicemail, instant messaging, PDAs, websites, flash drives, etc. As long as employees are working for you, it does not matter where they are located or what devices they are using to generate electronic information related to your business. Plus, ESI covers more than just e-mails. Any drawings, writings, charts, spreadsheets, photos, graphs, sound recordings, images, or other data compilation stored in any medium on these and future devices are subject to the rules. Your business is expected to keep track of them.

Once data is deleted, it's gone forever. In most cases, "delete" does not mean gone forever. Since every electronic document leaves a "fingerprint" behind, chances are a computer forensics expert can recover the data.

We're too small a business to worry about these changes. If you are a business with a computer or any other device that generates electronic data, you are within reach of the new rules.

The law on e-discovery is so unexplored that even some judges and lawyers are not prepared for the ramifications. Therefore, the rules place a significant premium on knowledge and preparation. Principles of good case management, an understanding of your data and devices, and professional guidance will likely be the hallmarks in these changing times.

The last place a business wants to be is in court unprepared for e-discovery issues and facing severe sanctions. Even worse, a major concern for businesses is that they face the possibility of being innocent of any wrongdoing, but may potentially face significant sanctions for "sloppiness" or "ignorance" for failing to fully understand the e-discovery rules and requirements. Because these rules present novel and often difficult technical issues, early and continued attention to ESI is essential.

Jim Shrager, Margaret Raymond-Flood and Fernando Pinguelo are Members of Norris McLaughlin & Marcus, P.A.

Please contact the authors at e-discovery@nmmlaw.com with questions regarding this article.