One deleted e-mail lands company in court
July 7, 2009 by Sam NarisiPosted in: Solutions, Special Report
Electronic discovery rules have thrown a wrench into businesses’ document management practices — those that aren’t up-to-date could face big legal trouble.
Passed in December of 2006, the e-discovery rules hold IT responsible for preserving electronic info that could be used as evidence in a court case. Failing to comply can be costly.
One recent court case started as an employment dispute. A worker claimed she was unlawfully fired for taking protected leave under the Family & Medical Leave Act. The company claimed she was let go in a restructuring that would’ve happened even if she didn’t take leave. But the judge didn’t buy it.
One key piece of evidence against the employer: a deleted e-mail explaining why the woman was fired. Here’s what happened, according to the court opinion:
After the woman was fired, her manager sent an e-mail explaining the termination to the rest of the department. When she said she was suing, the manager was told to save all relevant documents — including e-mail — in preparation for litigation. But she deleted the e-mail anyway.
The manager said it was erased by mistake, but the judge didn’t believe her. He ordered the company to be sanctioned. That means when the case goes to trial, the jury will be told the company deleted the e-mail on purpose, presumably to hide incriminating evidence.
Have a policy, enforce holds
The first step to avoiding e-discovery fines and sanctions is having a document retention policy and sticking to it. In most cases, companies can stay safe when info is deleted based on an organizations normal procedures for dumping data. For example, if e-mails are deleted from the server after a month, a company won’t get in trouble for missing a message that’s more than a month old.
However, policies must also include a provision for litigation holds — that is, hanging on to relevant documents when a lawsuit begins. Once a company knows it may be heading to court, the rules demand it protect any data that could play a role in the case.
In the case above, the company didn’t adequately respond to a litigation hold. Instead of setting up a process to archive every e-mail that mentioned the employee, or every message sent by someone involved in planning the reorganization, the company simply trusted managers not to delete relevant e-mails.
So the manager deleted the e-mail from her computer, and IT didn’t back it up — leading to the sanction against the company.
Cite: Connor v. Sun Trust Bank
Tags: document management, e-discovery, electronic discovery
July 9th, 2009 at 9:59 am
The revised FRCP rules around eDiscovery are what tripped this company up. There is no “hard and fast” rule around what the courts require, because the rule itself is subject to interpretation by the courts. Although there is no firm precedent, “Industry best practice” right now is to preserve all e-mail for 1 year.
KEEPING e-mail longer than your retention policy can also get the company in trouble. Having 10 years of e-mail means that all 10 years have to be disclosed during the discovery phase of legal proceedings, and there can be lots of stuff in 10 years of e-mail that allows the other side to build a case against your company.
As an example, let’s say that budget time rolls around, and the facility engineer recommends replacing an older fire supression system. Budgets are tight, and the manager responds in e-mail, “not this year, next year”. Next year rolls around, and the same thing happens. Having BOTH e-mails from the manager telling the facility engineer “not this year…” could be grounds for negligence in the event that the fire supression system fails, causing damage or injury.
Another example is “jokes” in e-mail. If your company institutes a policy against jokes in e-mail, but you have 10 years of e-mail, someone could find “joke e-mails” from 10 years ago as support in a sexual harassment or discrimination suit. The company would have to go back and document its policies at the time the e-mail was sent, and even if there was no policy against joke e-mails at the time, it helps establish tha the company culture tolerates (x or y) sort of behavior.
As the article mentions, once the company is notified of legal action, ALL LEGAL EVIDENCE SHOULD BE PRESERVED IMMEDIATELY. If your IT folks are not trained in “chain of custody” procedures, have the lawyers bring in an outside IT firm that specializes in forensics and legal discovery procedures. Having an outside company perform the discovery looks better, because there is no opportunity for coersion or bias based on friendships or reporting structure within the company.
In order to accomodate the revised FRCP rules, and to facilitate eDiscovery, many companies are implementing e-mail archiving solutions that automatically story a copy of e-mail on a separate server. Many so-called “archiving” solutions just capture internet e-mail — just the messages between your company and your customers or vendors (or your Aunt Betsy if you use corporate e-mail for personal use), but do NOT capture internal e-mails, such as the ones between you and your manager or subordinates. If you implement an automated e-mail archive solution, make sure it captures everything.
September 16th, 2009 at 10:07 am
JParr says “Industry best practice right now is to preserve all e-mail for 1 year”.That is NOT a records management best practice.
Actually e-mail should be managed to it’s content. E-mail is ONLY a vehicle for transmitting information. As a broad example, if your retention policy for HR documents is 10 years, then e-mail regarding HR issues needs to be kept for 10 years. If your retention policy for facilities documents is 3 years, then e-mail regarding facilites needs to be kept for 3 years.
Again, it’s about managing the content of the information, not the media it’s delivered on.