February 14, 2012

The age of technology has brought about many good things. The  ability to search, find, save and retrieve information in a flash has made us  more efficient in many ways.

But, it has also opened us up to risks we may not have  anticipated.

For years, businesses have dealt with the necessity of record  retention. There are rules and regulations in many fields about how long  certain types of information should be kept.

computer files magnifying glassIt has always been good practice to establish and adhere to an  official record retention policy, but that is even more critical today because  of a concept called e-discovery.
E-discovery refers to the search and retrieval of electronic  information for use in civil or criminal proceedings. Think about it. Every  email, Word document, spreadsheet, text message, Tweet, calendar entry – the  list goes on – could be subjected to e-discovery if you or your company was  ever party to a dispute.

You don’t necessarily even have to be the main parties named in  the dispute. Your records could be subpoenaed if you have any relevant  connection to a third party’s dispute.

This concept presents several serious issues that bear  consideration:

Quantity  of data available.  Because electronic records are so easy and  inexpensive to keep, many companies never purge their electronic libraries of  files. This means that years and years of data could be accessible if requested  for a legal purpose. If it is accessible, you’ll most likely be required to  make it available. For instance, a litigant might subpoena all electronic  documents dealing with a certain customer or transaction file that covered  several years. The task of locating and retrieving that data would be  cumbersome and expensive.

Type  of data available.  Technology changes over time, and our ability to  retrieve information from old programs is sometimes difficult. However, if we  have kept the data, on a backup tape for instance, we may have to make it available  to the party requesting it. That means finding a way to retrieve it and make it  readable for the other party. This could be time-consuming and expensive.

Informality  of data available. Many of the electronic files that may be requested are informal files  like emails, text messages, IM’s and so on. Often, the language used in those  communications is less precise and sometimes lax. Because the “conversations”  are documented as electronic files, they are discoverable and can be damaging  in many cases.

Permanence of data available. Electronic files are difficult to destroy. Even deleting  a file doesn’t completely destroy it and make it inaccessible in e-discovery. A  computer forensics expert can access deleted files from hard drives with  relative ease. If the data was also stored on a server, it can be accessed from  there. Messages that were sent to others, like emails, are available from their  computers. The metadata also can be problematic. (Metadata consists of the  tags, dates, change notations, etc., that a computer records about the files it  stores.) Even without opening a specific file, much can be learned about it.

Another complicating factor in this e-discovery puzzle is that  this data becomes relevant as soon as a dispute arises. The knee-jerk reaction  of many people, when alerted to a problem, is to start deleting electronic  files, thinking them to be private and untraceable. This is unwise because you  have a duty to preserve such data if you are aware of the dispute.

In fact, particular steps should be taken to be sure the data is  preserved, like changing automatic record-deletion settings on computers or  scheduled destruction of backup tapes that contain relevant data.

Even turning on a computer that has relevant information can  change the metadata related to the dispute. In some cases, that could be  considered tampering with evidence. Of course, if any legal issue arises, you  should contact your attorney at once for specific counsel on the matter at  hand.

Failure to preserve data can be a very serious matter. In some  cases, a judge may instruct the jury to assume you destroyed data on purpose  because it would have been damning in nature. This is referred to as  “spoliation” and can do serious damage to an individual’s case.

In other instances, failure to preserve data could result in  dismissal of a case to the detriment of the party that compromised the data.  In short, it is unwise to do anything that would delete evidence, once an issue has been made known.

And that brings us back to the initial advice of this article.  Companies should have a well-documented and well-implemented record retention  policy that includes all of the electronic data produced. This is a complex  issue that should be well-thought out and rigorously enforced.

Failure  to address this issue could cost your company time, money, reputation and more.

This article was originally posted on February 14, 2012 and the information may no longer be current. For questions, please contact GRF CPAs & Advisors at marketing@grfcpa.com.