Comment: Accidental Data Deletion Still Considered Spoliation

Tolson says one way to lower the risk of spoliation of evidence is to create verifiable discovery processes
Tolson says one way to lower the risk of spoliation of evidence is to create verifiable discovery processes

When litigation-based data management isn’t taken seriously dire consequences will occur.

When it comes to electronic discovery, if you fail to protect potentially relevant data and it’s destroyed, no matter the excuse, you have deprived the other side of their right to all relevant evidence to support their case and subsequently put them at a disadvantage.

What are your responsibilities when it comes to securing data that could be used against you in a current or future civil lawsuit? Judges today have little sympathy for accidental or shoddy data handling practices when it comes to protecting and turning over data in litigation.

Controlling your company’s information at all times is crucial if, or when, you get dragged into civil litigation. What is eDiscovery? Well, it’s not an afterhours team-building exercise. Electronic discovery (also called eDiscovery or Discovery) refers to any process (in any country) in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. The eDiscovery process can be carried out offline on a particular computer or it can be accomplished on a corporate network.

Since the new amendments to the Federal Rules of Civil Procedure (FRCP) were adopted in December 2006, judges expect that organizations in eDiscovery have complete control of their organization’s data and can fully respond to an eDiscovery request in days or weeks, not months or years.

For example, one customer I worked with not too long ago was surprised to find that they had 12 TB of unstructured data (probably three times more on custodian workstations) they had to protect and search through for responsive data, and they had 45 days to accomplish this feat.

By the way, 1 GB of storage can contain 10,000 to 70,000 pages of material. The average legally trained reviewer can review 40 to 60 pages of written material per hour to determine if the material is privileged or responsive to the case. Without an automated process to filter out duplicates and other non-reviewable electronically stored information (ESI), this customer was looking at reviewing, at a minimum, 120 million pages of records. I don’t think they would have accomplished this in the 45 days allowed.

Now factor in unmanaged custodian laptops and desktops (and all external storage connected to those machines). The aforementioned mentioned 12 TB of data is the easy part of this problem because the company at least knows where it is and can protect it from inadvertent or accidental deletions. In most cases, custodian-controlled data presents the highest risk to organizations in civil litigation. So, how can you be sure all deletions of potentially responsive ESI have stopped as soon as the litigation is reasonably anticipated?

In one recent case, while under a legal hold, employees inadvertently kept deleting their email. In eDiscovery this is known as spoliation or destruction of evidence, which most judges take a dim view of. This action usually leads to an adverse inference where the judge instructs the jury to assume the ESI was deleted, and the jury can view it because the litigant didn’t want them to see it. This usually means the side that deleted the ESI has lost the case and the only question now is how many zeros they will be writing on the settlement check.

You might be asking yourself: ‘So what? I’ll find what I can in the time allowed and not worry about what I don’t find.’ That strategy might work if the opposing counsel is totally unaware of the FRCP and has never read a newspaper before. But don’t count on it. The judge and opposing counsel will expect a well-documented and complete eDiscovery process. Telling the judge ‘you just didn’t know’ hasn’t worked for 40 years.

One way to lower this risk is to create verifiable discovery processes. This would include automation to reduce the time to respond and to ensure all ESI in an organization – including ESI directly on custodian equipment – can be centrally identified and managed quickly.

In a recent decision that illustrates the perils of accidental data deletion, the court ordered the company bringing the complaint, Rosenthal Collins Group, to pay $1 million in sanctions and ordered them to also pay the opposing counsel’s costs associated with the trial. The judge found that RCG’s agent had modified metadata and wiped several hard disks and other storage medium prior to turning the data over to the other side.

The judge determined that RCG and its counsel acted in bad faith during the discovery process and therefore ruled for the defendant and dismissed all charges against them.

The managing attorneys on either side are responsible to the court to ensure the discovery process is done correctly and in the timeframe expected by the court. The argument by RCG that they just didn’t know was seen by the judge as not meeting their responsibilities. A spoliation finding does not need to be purposeful – grossly negligent will also do.

In short, whether you’re the custodian of the data or simply have access to it – be sure to heed that ‘legal hold’ notice when it comes across. When you can reasonably anticipate litigation, even deleting a handful of emails you may think are not relevant could be a costly move.

Bill Tolson is the director of product marketing for archiving solutions at Autonomy, Inc., where he helps organizations with information governance, eDiscovery and archiving issues.

What’s hot on Infosecurity Magazine?