Home | International Students | General Discussion | About us | Contact

Lawfirms

New York City law firm listings. You can also post and read comments about law firms.

Placement Agencies

New York City placement agency listings. Post and read comments about placement agencies.

Articles

Read news articles about new developments in the legal field affecting contract attorneys.

Do's and Dont's

What every temporary attorney needs to know BEFORE they start an assignment.

 

More Articles

--- 2007 ---

Unlocking Keywords to Ensure Effective E-Discovery

The Real Implications of the New Rules on EDD

Commentary: What Is the Proper Level of Judicial Review for Mergers?

Bankruptcy Work Falls, but Megacases Still Provide Hefty Fees

Practical Responses to New Federal Rules on E-Discovery

Why Most Document Retention Policies Are Ineffective

Has the Antitrust Division Lost Its Nerve?

Howrey Adds Trio of Veteran Litigators to N.Y. Office

--- 2006 ---

The Howrey Way...

Temporary Solution...

Making Document Review a Success

The Basics of Hiring a Contract Attorney

Slaves of New York


Login

Register FREE with Temporary Attorney and gain access to all New York City law firm, placement agency and restaurant listings.

Also post your comments and rate law firms and placement agencies!

Register


ARTICLES

Why Most Document Retention Policies Are Ineffective

By Kenneth L. Stein and Richard H. An
The Privacy and Data Protection Legal Reporter
January 3, 2007

Many companies have document retention policies in which paper and electronic documents are discarded or deleted after specified time periods, depending on the content and type of document. Those policies serve to keep sensitive information from getting into the hands of others, as well as to control the amount of physical and digital memory space needed to store documents. See Arthur Andersen LLP v. United States, 544 U.S. 696, 704 (2005). Some companies, for example, automatically delete e-mails older than 3 months, unless specifically saved by an employee. See Hynix Semiconductor, Inc. v. Rambus, Inc., No. C-00-20905 RMW, 2006 WL 565893, at *11 (N.D. Cal. 2006). Courts, including the U.S. Supreme Court, have recognized that there is nothing wrong with such policies, even where they might result in the destruction of documents that might be material in a later lawsuit, as long as that lawsuit was not reasonably foreseen at the time the documents were destroyed. See Arthur Andersen, 544 U.S. at 704 ("It is, of course, not wrongful for a manager to instruct his employees to comply with a valid document retention policy under ordinary circumstances."); Samsung Elecs. Co. v. Rambus, Inc., 439 F. Supp. 2d 524, 543 (E.D. Va. 2006) (citing Arthur Andersen).

When it comes to electronic documents, however, common document retention policies do not achieve their goal of preventing sensitive information from falling into the hands of others. That is because deleting an e-mail or electronic document does not actually remove that information from a computer. Instead, the deleted information remains there, typically on the computer's disk drive, until it is overwritten by other information. That may not happen for years -- or ever. In the meantime, that information may be recovered using software tools designed for recovering deleted information, and may be subject to discovery in legal proceedings. Thus, common document retention policies for e-mail and electronic documents are not completely effective or reliable. In effect, discarding electronic files by deleting them is equivalent to discarding paper documents by putting them in a large garbage bin located on the company's premises that is not regularly emptied. Such documents are plainly in the company's possession and may be subject to production in a legal proceeding. It is possible that such documents are no longer accessible (if, for example, the bin was emptied) or legible (if, for example, other garbage in the bin obscured portions of the documents), but there would, of course, be no guarantee that that is the case. Certainly, no prudent company would dispose of paper documents in that manner. But that is, in essence, how electronic documents are discarded -- i.e., in a manner that makes them potentially recoverable and producible.

DISCOVERY OF DELETED FILES
Damaging evidence has been found in deleted electronic documents and files in numerous cases. For example, in Plasse v. Tyco Elecs. Corp., forensic analysis revealed that the plaintiff had deleted numerous files that were potentially relevant to the lawsuit and had also backdated documents, leading the court to dismiss the plaintiff's case in its entirety. See Plasse v. Tyco Elecs. Corp., 448 F. Supp. 2d 302, 308-11 (D. Mass. 2006) ("Plaintiff has consistently demonstrated an unwillingness to proceed fairly and openly in this litigation, and has directly flouted this court's authority by destroying or modifying documents after the court specifically invited Defendant to obtain an inspection of Plaintiff's computer and disks.") (emphasis in original). In YCA, LLC v. Berry, forensic analysis of deleted electronic files established that the defendant had perjured himself in his sworn declarations to the court about having had no contact with a certain individual. See YCA, LLC v. Berry, No. 03 C 3116, 2004 U.S. Dist. LEXIS 8129, at *20-24, 22 (N.D. Ill. May 6, 2004) (awarding attorneys' fees to plaintiff as sanction where the court found that "documents recovered from [defendant's] computer ... [were] not remotely consistent with [defendant's] sworn statement [that] he had no conversations, e-mails, or anything like that' with Stevens ... "). In Anderson v. McBride, forensic officers were able to recover deleted computer images of child pornography, which led to a lengthy prison sentence for the defendant. See Anderson v. McBride, No. 2:05-CV-1089, 2006 WL 2468284, at *2 (S.D. Ohio Aug. 24, 2006). And in United States v. Tamez, forensic examination revealed that, contrary to the defendants' assertion that he only deleted his personal AOL screen name and password menu, "three entire AOL folders were deleted ... " United States v. Tamez, Nos. 06 Civ. 3111(DC), 03 Cr 1439(DC), 2006 WL 2854336, at *6 (S.D.N.Y. Oct. 5, 2006) ("The AOL files obviously contained information relating to the MPM Group, and he was intentionally seeking to destroy this evidence to interfere with the investigation.").

As the above examples demonstrate, deleting electronic documents or files does not actually remove that information from a computer -- and such documents or files may often be recovered through forensic analysis.

DISK WIPING
In order for a document retention policy to truly serve its intended purposes, electronic documents and e-mail must not only be deleted, but the underlying electronically stored information must be "wiped" clean. That involves overwriting the information in the electronic document or e-mail so that it can no longer be retrieved using file recovery software. That way, the goal of keeping sensitive information from getting into the hands of others is achieved. Software products that overwrite deleted files, making them unrecoverable, are readily available commercially. A document retention policy that includes both deleting and wiping electronic documents, however, is not without concerns.

First, to the authors' knowledge, the propriety of such a policy has never been tested in court. As a result, there may be a risk that a court may look unfavorably on the practice of discarding electronic information in a manner that makes it irretrievable. That risk, in the authors' opinions, appears to be minimal. Paper documents are routinely discarded in a manner that makes them irretrievable -- for example, by shredding, burning or delivery to the local dump -- and there is simply no principled reason for distinguishing between paper and electronic documents. In addition, courts have acknowledged that document retention policies are a perfectly acceptable corporate practice, even where the intent of the policy is to keep information out of the hands of others. See Arthur Andersen, 544 U.S. at 704; Samsung Elecs. Co. v. Rambus, Inc., 439 F. Supp. 2d 524, 543 (E.D. Va. 2006). That legitimate policy interest cannot, however, be achieved if electronically stored information cannot be wiped.

Second, if such a document retention policy is implemented, great care must be taken to immediately suspend that policy to preserve potentially relevant documents once a party has notice of, or should reasonably anticipate, litigation in which those documents may come into issue. See, e.g., Krumwiede v. Brighton Assocs., L.L.C., No. 05 C 3003, 2006 WL 1308629, at *8 (N.D. Ill. May 8, 2006) ("Once a party reasonably anticipates litigation, it must suspend its routine document retention/destruction policy and put in place a litigation hold to ensure the preservation of relevant documents."); Wiginton v. Ellis, No. 02 C 6832, 2003 WL 22439865, at *7 (N.D. Ill. Oct. 27, 2003) ("once a party is on notice that specific relevant documents are scheduled to be destroyed according to a routine document retention policy, and the party does not act to prevent that destruction, at some point it has crossed the line between negligence and bad faith."). In that regard, courts have frequently sanctioned companies for destroying discoverable documents through the operation of document retention policies when a litigation hold should have been placed on those documents. For example, in Trigon Ins. Co. v. United States, the court permitted adverse inferences to be drawn regarding the testimony and credibility of the United States' experts, in view of the government's failure to preserve correspondence between those experts and consultants, including drafts of expert reports. See, e.g., Trigon Ins. Co. v. United States, 204 F.R.D. 277, 288-91 (E.D. Va. 2001). In so doing, the court in Trigon expressly rejected the government's excuse that the documents at issue were not deleted pursuant to a standard document retention policy: "The document retention policies of AGE do no trump the Federal Rules of Civil Procedure or requests by opposing counsel ... AGE's execution of a document retention policy that is at odds with the rules governing the conduct of litigation does not protect the United States from a finding of intentional destruction." (See Id. at 289); see also Lewy v. Remington Arms Co., 836 F.2d 1104, 1112 (8th Cir. 1988) ("a corporation cannot blindly destroy documents and expect to be shielded by a seemingly innocuous document retention policy"). Accordingly, destruction of documents pursuant to a document retention policy does not preclude a finding that documents were destroyed intentionally, and may result in sanctions for spoliation of evidence."

While courts have criticized and sanctioned companies for failing to suspend their document retention policies in view of actual or anticipated litigation even where no data wiping occurred, they are likely to be even less sympathetic to a company that "wipes" data as part of its policy. One factor a court considers in determining sanctions for spoliation of evidence is the harm caused to the other party. Krumwiede v. Brighton Assocs., L.L.C., No. 05 C 3003, 2006 WL 1308629, at *11 (N.D. Ill. May 8, 2006) ("In deciding between default and lesser sanctions, the Court considers (1) prejudice to Brighton, (2) prejudice to the judicial system, and (3) deterrence and punishment."). Where documents that have been deleted can be recovered, that harm is minimized, and courts have, in such cases, imposed correspondingly lighter sanctions. See e.g., Trigon, 204 F.R.D. at 291 ("Although preclusion might well have been an appropriate sanction for the conduct described above, it is not appropriate in perspective of the remedial measures that recovered significant segments of the spoliated evidence ... However, it is appropriate to draw adverse inferences ... ").

Where data wiping has been performed, however, data recovery is impossible. Therefore, the harm caused by the data wiping cannot be ameliorated and the spoliation sanction may, as a result, be much higher. In particular, courts have taken an especially dim view of parties that intentionally wipe material electronic documents and e-mail from their computers, even dismissing actions or imposing default judgments for such conduct. See e.g., Plasse v. Tyco Elecs. Corp., 448 F. Supp. 2d 302, 309 (D. Mass. 2006) (dismissing plaintiff's case: "Not only have these documents been rendered no longer accessible, but they have disappeared during a period when Plaintiff must have been aware of their relevance."); Krumwiede v. Brighton Assocs., L.L.C., No. 05 C 3003, 2006 WL 1308629, at *10-11 (N.D. Ill. May 8, 2006) (entering default judgment: "at least 111 files were deliberately deleted and overwritten and are no longer recoverable"); see also Metro. Opera Ass'n v. Local 100, Hotel Employees and Rest. Employees Int'l Union, 212 F.R.D. 178, 231 (S.D.N.Y. 2003) ("Plaintiff's motion for judgment as to liability against defendants and for additional sanctions in the form of attorneys' fees necessitated by the discovery abuse by defendants and their counsel is granted against defendants and their counsel."). Indeed, in Plasse v. Tyco Electronics Corp., the court, in dismissing the plaintiff's case for intentionally wiping electronic files, commented: "Plaintiff argues that the inaccessible documents are not relevant and their deletion would therefore be meaningless. As the documents have disappeared, the court is in no position to assess this claim; the systematic destruction of these documents certainly suggests otherwise. 448 F. Supp. 2d 302, 310 (D. Mass. 2006)."

While the failure to discontinue a document retention policy that includes data wiping does not evidence the same level of intent as in cases where actions are dismissed, courts may impose similarly harsh sanctions. Indeed, a court may justifiably reason that a company that implements a data wiping policy has a special duty to discontinue that policy in view of actual or anticipated litigation in order to ensure that no material information is destroyed, and should be sanctioned accordingly if it fails to do so."

It should be noted that electronic documents and e-mails are notoriously difficult to completely remove from a computer system, and data wiping may provide only a partial solution to discarding them as part of a document retention policy. For example, backup copies of documents and e-mails still may be accessible even after the original has been deleted and wiped. In addition, copies are created, sometimes in difficult to find temporary files, when documents are transmitted to others or accessed by software tools, such as word processing programs and the like. Also, metadata about an electronic document -- such as the document's name, its creation date and its modification dates -- may likewise still be available after the document has been deleted and wiped. Such metadata may reveal damaging information. See, e.g., Plasse v. Tyco Elecs. Corp., 448 F. Supp. 2d 302, 306 (D. Mass. 2006) ("'metadata' ... revealed that the retrieved file was accessed and modified on June 28, 2005, then deleted at some unknown date between June 28, 2005, and the date on which the computer was produced, July 26, 2005."). Procedures for eliminating or minimizing these additional sources of electronic information often go beyond the scope of a conventional document retention policy. They may require instead taking the goals of the desired document retention policy into account when designing the computer system.

CONCLUSION
At the end of the day, a company should implement policies that are rational. A document retention policy that includes automatically deleting e-mails and electronic files, without also wiping the underlying data in those e-mails and files, is, however, simply not rational. It does not achieve, with any degree of certainty, one of the primary goals of a document retention policy -- namely, to keep potentially sensitive information out of the hands of others. While courts have not specifically opined on the appropriateness of data wiping as part of a document retention policy, there is no reason to suspect that a court would find it improper. Certainly, a conclusion that it is proper to completely destroy paper documents as part of a document retention policy, but not electronic documents, makes no sense whatsoever. Accordingly, it would appear that data wiping should be part of a rational document retention policy, with the caveat that extreme care should be taken to immediately discontinue that policy to prevent the destruction of potentially relevant documents once a party has notice of, or should reasonably anticipate, litigation in which those documents may be at issue.

Kenneth L. Stein is a partner in the intellectual property practice at Jenner & Block LLP and is based in the firm's New York office. He concentrates in patent, trade secret and copyright litigation. His practice also includes patent opinions, licensing and intellectual property counseling. He can be reached at kstein@jenner.com. Richard H. An is a senior associate at the firm's New York office and also concentrates in patent, trade secret and copyright litigation. He can be reached at ran@jenner.com.

LINKS OF INTEREST

Above The Law
Find Law
Greedy Associates
JD Jive
JD Post
Nolo



LEGAL PUBLICATIONS

The American Lawyer
The Connecticut Law Tribune
Law.com
New York Law Journal

Privacy Policy | Terms Of Use | Disclaimer | Site map | Contact | © Temp Atty. All Rights Reserved.