e-discovery 2.0

Part I of this series discussed a number of approaches for reducing electronic discovery costs.  One of the approaches is to implement a document retention policy.  The popularity of document retention policies increased in the early part of the decade with the passage of new financial regulation, such as Sarbanes-Oaxley.  Data retention policy popularity has now increased again with the passage of the FRCP and the recognition of the challenge of electronic discovery costs.  How effective, though, are document retention policies in reducing electronic discovery costs?  Do they solve the electronic discovery cost problem?

It is certainly true that any policy that enforces the deletion of documents that might otherwise be discoverable should reduce electronic discovery costs.  Thus, document retention policies, just like enforced mailbox size limits, can absolutely help reduce e-discovery costs.  However, implementing a retention policy is not easy.  A recent article in the New York Law Journal by Adam Rosman is very insightful in this regard when he says, “the rub is implementation.”   Mr. Rosman outlines a conversation between a hypothetical company’s Associate General Counsel and the CTO that demonstrates that the major challenge with retention policies is not designing one.  Rather, the challenge is implementing a policy that effectively balances the needs for litigation readiness and e-discovery, regulatory compliance and knowledge management and can be cost-effectively enforced throughout a company’s IT organization and user community.  Given this, it’s not surprising that a 2006 study by Nextpage and CXO research found that “while two-thirds of the companies surveyed have a document retention policy in effect, almost half of them don’t actively enforce it” and why 39% of respondents cited implementing a standard policy and 34% percent said user compliance were major weaknesses in implementing retention policies.

Because of these implementation challenges, retention policies are not a quick way to reduce your e-discovery costs.  They are also not going to reduce enough data to solve an organization’s e-discovery cost “problem.”  First, due to the implementation challenges, retention policies are not going to delete all the electronically stored information (ESI) they should.  Second, HIPAA, Sarbanes-Oaxley (SOX) and FINRA regulations require that many documents must be retained for several years.  Finally, business users will demand many exceptions: emails, loose files, collaboration content, financial records, contracts, etc. that they want to save beyond the retention period for important business reasons.  As a result, even companies with retention policies are going to have a substantial and growing amount of discoverable ESI and the electronic discovery costs that go with that.

Document retention policies thus are a bit like taking vitamins.  They are likely going to help reduce the amount of time you are sick – although you’ll probably find some “studies” that say they do help and some that don’t.  But when you get sick, they aren’t going to make you better.  For that, you need a remedy that directly targets the specific problem.  Similarly, document retention policies, and you can say the same thing about all information management solutions to e-discovery, will help reduce e-discovery costs, but they won’t solve the e-discovery cost problem.  Specific e-discovery solutions are necessary to do that.  We’ll discuss many of these specific e-discovery solutions in the next set of posts in this series.

I was at the Sedona Conference Working Group’s Mid Year meeting last week where 80 or so electronic discovery practitioners and judges met to discuss hot topics in bucolic Denver, Colorado.  Without getting into the particulars of any discussion, several themes continue to stay on the front burner, including the progress of the cooperation proclamation and the relatively newer issue of proportionality (as highlighted recently by The American College of Trial Lawyers Task Force on Discovery).

Aside from those overarching themes I was struck by how polarizing the discussion was around one recent case in particular.  While many notable commentators have already made this the most talked about cases of the year, Phillip M. Adams & Assoc., LLC v. Dell, Inc., 2009 WL 910801 (D. Utah Mar. 30, 2009) continues to stimulate discussion.   Adams v. Dell is a patent infringement case where the plaintiff, alleged that one of the defendants (ASUS) destroyed critical pieces of evidence and should be sanctioned accordingly.

The underlying facts and timelines are fairly complex, but in summary the dispute centered around the alleged infringement of several patents developed to resolve defects in floppy disks during in the late 80’s.  What makes this decision so vexing is that it starts out as a preservation case, but quickly confuses that concept with data retention and information management practices/policies.

So, starting with the preservation angle…  Both sides fortunately agreed about the definition for the duty to preserve evidence, which in the 10^th circuit begins when a party “knows or should know [it] is relevant to imminent or ongoing litigation.”  The triggering of the preservation duty was not surprisingly much more complicated and ASUS (the responding party) claimed that its duty to preserve wasn’t triggered until early 2005, when they received a letter warning it of potential litigation because of the alleged patent infringement.  But, the Magistrate held that “counsel’s letter is not the inviolable benchmark” and the duty to preserve was triggered much earlier (in the 1999-2000 time frame) because similar litigation was rampant in the industry, highlighted by a late 1999 suit where Toshiba paid billions of dollars in a class action settlement related to similar floppy disk issues.

Leaving the murky preservation issue by the wayside for a bit, the Magistrate then moved into ASUS’ claims that FRCP 37(e) provided a safe harbor for its alleged destruction.

“ASUS claims it can find a safe harbor against sanctions because of the recently adopted rule that sanctions may not be generally imposed for ‘failing to provide electronically stored information lost’ if a party can show the loss was ‘a result of the routine, good-faith operation of an electronic information system.’”

Nice try, but strike two for ASUS…

“ASUS provided an extensive declaration from an experienced consultant in e-discovery. While he stated the reasons for and history of ASUS’ ‘distributed information architecture,’ he did not state any opinion as to the reasonableness or good-faith in the system’s operation. And while he says ‘ASUSTeK’s data architecture relies predominantly on storage on individual user’s workstations,’ his 31-page declaration does not show he is familiar with the precise practices pointed out in the declarations of employees. Those employees’ declarations describe the practice of ASUS’ email system to overwrite old data regardless of its significance; ASUS’ reliance on employees for all email and data archiving; and the process of replacement of computers, which also relies on employees to transfer data from their old to their new computers. Neither the expert nor ASUS speak of archiving ‘policies;’ they speak of archiving ‘practices.’

The court’s distinction between “policies” and “practices” seems like a convenient (perhaps “Deus ex machina”) way to discount ASUS’ data retention activities and prevent the use of the FRCP 37(e) safe harbor.  Since in most instances, “bona fide, consistent and reasonable” document retention “policies” have been found to be presumptively valid by everyone ranging from Sedona (Guideline 3) to Carlucci v. Piper Aircraft Corp. and Arthur Andersen LLP v. United States, 125 S.Ct. 2129 (2005).  It’s not clear how he draws the important “practices” distinction and why said practices are exponentially different from presumptively valid “policies.”

It’s precisely this line of thinking that confuses the alleged failure of the duty to preserve (discussed at the outset of the opinion) with the duty to retain information.  The court seems to think it’s an “unreasonable” practice to have custodians responsible for compliance with data retention and this deficiency made the safe harbor unavailable.

“ASUS has explained that it has no centralized storage of electronic documents, email or otherwise, and relies on individual employees to archive email (which will be deleted if left on the server) and electronic documents (which reside only on individual workstations).”

Not only is this custodian-based retention practice, in and of itself, reasonable; it’s probably the most common form of data retention practices seen at corporations today.  While a number of vendors have promised intelligent retention systems that work without any significant human intervention, for the most part those solutions are still in their infancy.  Additionally, there are significant technical challenges to have an application manage *all* ESI (Electronically Stored Information) that exist for a given custodian (including desktop files, instant messaging, text messaging, social media, etc.) As such, most companies must inherently rely upon their custodians to both retain and preserve data pursuant to company policies.  The court not only seems to miss this point, but also attempts to impose an obligation that corporations must prevent the “loss of data” above and beyond specific preservation obligations.

“ASUS’ practices invite the abuse of rights of others, because the practices tend toward loss of data. The practices place operations-level employees in the position of deciding what information is relevant to the enterprise and its data retention needs. ASUS alone bears responsibility for the absence of evidence it would be expected to possess. While Adams has not shown ASUS mounted a destructive effort aimed at evidence affecting Adams or at evidence of ASUS’ wrongful use of intellectual property, it is clear that ASUS’ lack of a retention policy and irresponsible data retention practices are responsible for the loss of significant data.”

Although the exact rationale was unclear, the court held that ASUS violated their duty to preserve and that the loss of evidence could not be excused as a “routine, good faith operation of electronic information systems.” While the court ruled that sanctions were appropriate, it reserved final sanctions pending the close of discovery.   Depending on what those ultimate sanctions look like, it seems pretty likely that this decision will be subject to appellate review.  Until then, it’s probably too soon to treat this questionable holding as gospel.  Wary corporations however should continue to bolster the “reasonableness” of their information management/retention/destruction policies and practices so that in hindsight a court won’t be able to take away the FRCP 37(e) safe harbor by casting those “practices” as being unreasonable.