The Duty to Preserve ESI -- Do You Know What You Have to Do?

11/4/2010 COMMENTS (3)

Much has been written about the duty to preserve electronically stored information (ESI) --  it's expensive, challenging given the breadth of organization's IT infrastructures, and requires cooperation and communication among departments (legal, IT and records) that do not usually see each other as partners, but rather as clients.  Meeting the legal duties imposed by the Federal Rules of Civil Procedure to preserve, collect and produce ESI in litigation situations now requires a new way of thinking.  Why?  Because in order to meet the duty to preserve ESI (we'll focus on ESI here as paper is easier to get your hands around, literally), organizations have to do each of the following steps for each separate matter: 

1. To issue a written legal hold; 
2. To identify all of the key players in the matter and ensure that their paper and electronic records are preserved; 
3. To cease the deletion of email or to preserve the records of former employees that are in a party's possession, custody or control; and  
4. To preserve backup tapes when they are the sole source of relevant information or when they relate to key players, if the relevant information is not available from other sources.   

Those are the requirements outlined by U.S. District Judge Shira Sheindlin in her most recent highly publicized decision of Pension Committee v. Banc of America Securities, 685 F. Supp. 456 (S.D.N.Y. 2010).  In and of themselves, those steps don't seem that hard to implement.  (And they are not new -- she outlined them in the Zubulake cases in 2004.)  But they really represent a new way of approaching discovery -- thinking about it as soon as an organization has notice of a dispute, as opposed to waiting until they receive requests for the production of documents.  And why is that important?  Because 99 percent of the information created today is created electronically, and those electronic systems that store the ESI are sometimes set to overwrite it after a certain period of time.  If you don't identify it early on and take steps to preserve it, it may be gone.  And, if you're in federal court in New York, and you allow ESI to be deleted or destroyed after you are on notice to preserve it, you could be found grossly negligent and be subject to sanctions.  Just like the plaintiffs in Pension Committee. 

Email is the best example of how quickly ESI can be deleted.  The last numbers I saw (credits here to Sonian) put daily email traffic across the globe at 247 billion emails, with 24 percent of that belonging to the corporate sector.  Business users spend roughly one-fifth of their business day sending and receiving emails and deal with approximately 108 email messages per day.  The proliferation of email has led IT departments to take steps to manage email.  Do you have limits on the size of your email box?  Do items not removed from your inbox disappear after 90 days?  Those are a couple of examples of IT trying to manage email.  The quantities are vast and the number of places email can be stored by a user raises even bigger challenges.  Add that to the fact that email is the #1 type of ESI requested by opposing parties, and you can hear the dollar signs adding up.   

So, what does that have to do with the duty to preserve?  You need to know how your system is configured to understand how fast you have to move to make sure email is preserved when that duty arises.  If you have an email archive, that's one thing, but if you have multiple places users can store email, and no communication with IT about making sure regular email deletion is turned off for specific custodians when necessary, you may not be able to meet your preservation obligations.  Establish the relationship with IT, make sure they understand the legal obligations, and have a point person to communicate with when new custodians are added to the "do not delete" list.  Develop a policy for ensuring that custodians who leave the organization won't have their information "wiped" while they are on legal hold.   

All right -- you're with me now, and you've issued a written legal hold naming everyone who could have ever possibly touched or even thought about the deal that is the subject of the case.  You're covered, right?  Nope.  Judge Scheindlin, and numerous other judges across the country, require you to identify all the key players, understand what ESI they may have and take steps to preserve it.  That's right, you'll have to actually make some calls, interview some witnesses and learn what they have and preserve it.  To do that effectively, you need to understand where they could possibly store ESI on the infrastructure.  And the decision on how and what to preserve for each case will be different depending on the facts and circumstances involved.   

An employment case that involves five custodians who are life-long employees of the company in executive positions and will likely be resolved within a year might be treated differently than a class action that will go on for years with hundreds of named custodians who may or may not have ever created ESI related to the case.  Get a true picture of who the custodians need to be and preserve their data.  Do the leg work you used to do as the case dragged on for years -- but do it right away.  Why?  Two very good reasons -- 1) You will save your organization alot of time and money by preserving only the ESI that needs to be retained, instead of an overbroad presentation that costs a fortune to process, review and produce down the road, and 2) you won't have to worry about Judge Scheindlin sanctioning you for spoliation of ESI.