Sailing the safe harbor Posted By Daniel Kaiser, Esq. on August 11, 2009
BRING OUT YOUR DEAD…documents. If your company goes to court, and your opponent’s discovery request includes dead files or electronic files previously deleted from your archives, have you secured safe harbor protections against court sanctions? In order to do so, here’s a quick set of guidelines:
- Adopt a company-wide document retention policy, defining the time frames within which specific categories of documents must be retained (according to file type, local and federal law, and industry standards).
- Eliminate files only after their defined retention period expires.
- Consistently implement this policy, throughout your company.
- In the event that you might reasonably anticipate litigation, implement a “legal hold” policy defining and executing the process by which relevant information is identified, preserved, and maintained for discovery purposes.[1]
- Enjoy safe harbor protections for files deleted in the course of database management (as defined by your document retention policy), falling outside of the context of the aforementioned legal hold.
- In this context, an adverse inference or other court sanction for spoliation of evidence would require the following three elements:
- that the party having control over the evidence had an obligation to preserve it at the time it was destroyed;
- that the records were destroyed with a ‘culpable state of mind’ and
- that the destroyed evidence was ‘relevant’ to the party’s claim or defense such that a reasonable trier of fact could find that it would support that claim or defense.[2]
The corporate records you maintain as electronically stored information (ESI)─now including email, voice messages, proposals, sales documents, contracts, legal documents, tax records, employment records, Board minutes, and press releases amongst other important files─are both assets and potential burdens to your company. 
Having extensive records at your fingertips will enable smooth operations by informing you in your transactions with existing and potential clients, by allowing market analysis and company forecasts, and potentially by protecting you in the event of a lawsuit.
Yet every coin has its flip-side. In many companies, massive proliferation of ESI threatens to bog down their storage capacities. Picture the deluge in physical terms: if one gigabyte of data would, (roughly speaking) require enough pages of print-out to fill a pick-up truck to capacity imagine the one thousand twenty four trucks that would be required to hold a terabyte. Such volumes are often seen in today’s large enterprises.
Understandably, in this post-Enron and Sarbanes-Oxley era, when in doubt regarding the decision to retain or delete a document, many have chosen to avoid potential liability by opting to retain. Section 404 of the Sarbanes-Oxley Act of 2002 ties executive liability to, among other things, the presence of effective internal controls.[3] A reasonable and functioning document retention policy could be a relevant metric in the examination of these controls. Even more directly, the errant destruction of an electronic file may lead to the inability to produce a document requested during the discovery phase of a lawsuit. Rule 37 of the Federal Rules of Civil Procedure (Fed. R. Civ. P.) levies sanctions upon parties to a dispute (including an unfavorable default judgment) for a failure to make disclosures or to cooperate in discovery.[4]
This Scylla and Charybdis, the opposing hazards of run-away databases on the one hand and over-zealous ESI culling on the other hand, can be fairly easily avoided. Fed. R. Civ. P. 37(e) creates the following Safe Harbor for “Failure to provide Electronically Stored Information”:
Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.[5]
It is vital to note from the outset that this Rule does not open the doors to old-style record elimination─such an interpretation would simply amount to federal common law spoliation of evidence[6]─yet a Safe Harbor may be sailed via the well-crafted creation of and compliance to a document retention policy. Two questions that should be asked are: 1) How do I create a Safe Harbor for my company’s elimination of ESI? 2) How do I ensure that my company doesn’t sail beyond the boundaries of the Safe Harbor?
Creating your Safe Harbor begins with the drafting and implementation of your document retention policy. Your company’s document retention policy (including your digital document retention protocol) should be your best friend. By creating guidelines regarding the period of time during which different categories of documents should be maintained you will be able to free your hard drives from their accumulation of digital detritus, and at the same time you can ensure that your employees do not eliminate files relevant to a potential litigation (a.k.a. covering your back-side). In setting the time frames within which a particular file of ESI should be maintained, consideration must be given to local and federal laws,[7] to the standards of the industry within which your company fits (as well as to the type of ESI in question (see the types of corporate records discussed at the beginning of this article).
Next, a company must take care to put a “legal hold” on their routine when the shadow of litigation appears. Even if a file is scheduled for routine culling, the act of eliminating a piece of relevant ESI in such circumstances would remove the Safe Harbor protections of Fed. R. Civ. P. 37(e), exposing you fully to Rule 37’s sanctions (including the default judgment). The Sedona Conference Working Group on Electronic Document Retention & Production has produced an excellent commentary entitled The Trigger & The Process.[8] This commentary clarifies the circumstances in which a legal hold should be placed on ESI, providing eleven useful guidelines expanding upon the following statement:
The law has developed rules regarding the manner in which information is to be treated in connection with litigation. One of the principal rules is that whenever litigation [or a regulatory investigation or proceeding] is reasonably anticipated, threatened or pending against an organization [or natural person], that organization has a duty to preserve relevant information. This duty arises at the point in time when litigation is reasonably anticipated whether the organization is the initiator or the target of litigation.[9]
So far, so good – but a policy per se will not be sufficient. Any compliance team will be quick to point out that the human element can be one of the trickier elements to tackle when implementing a new policy. As basic as it sounds, a strong dose of oversight is required to ensure that your policy is, in fact, executed. In the Corporate Counsel Section of the New York State Bar Association annual meeting, panelist Kenneth Rashbaum (of Fios, Inc.) pointed out that the “most critical aspect of record retention policies and e-mails is employee education . . . employees won’t follow what they don’t understand. . . .”[10] In addition to explaining what records fall into particular categories of your policy, another panelist (Eva L Jerome of Bryan Cave LLP) pointed out that upon implementation of a legal hold, “oral instruction immediately followed by a written one . . .” should be given to all potential data custodians, followed by “ongoing monitoring of compliance, including sending out periodic reminders of the hold and recertifications. . .”[11]
If you need to create, implement, or oversee a digital document retention protocol, discuss these issues with your attorney. Ensure compliance. Discover and sail the sheltered waters of your safe harbor. Put a legal hold on your ESI if the shadow of litigation presents.
[1] www.thesedonaconference.org/content/miscFiles/Legal_holds.pdf at 2.
[2] Zubulake v. UBS Warburg LLC, 229 F.R.D. 422, 430 (S.D.N.Y.2004).
[3] Sarbanes-Oxley Act, Pub. L. No. 107-204, § 116 Stat. 745 (2002).
[4] Fed. R. Civ. P. 37.
[5] Id. at (e).
[6] See, e.g., Silvestri v. General Motors, 271 F.3d 583 (4th Cir. 2001).
[7] See, e.g., Fair Labor Standards Act of 1938.
[8] www.thesedonaconference.org/content/miscFiles/Legal_holds.pdf
[9] Id. at 1.
[10] Alessandra Scalise, Corporate Counsel program reviews e-record management, N.Y. St. B.A. State Bar News, Mar.-Apr. 2009, at 24.
[11] Id. at 27. See also Zubulake v. UBS Warburg LLC, 229 F.R.D. 422, 432 (S.D.N.Y. 2004).
Post A Comment