
March 13, 2009


Saqib Ali

Trent, I agree with you on this, as long as periodic data destruction is part of Information Lifecycle Management (ILM) at the organization. However, destroying data in the face of an e-discovery request is a BAD idea. E-discovery is serious business. Here are some guidelines:

1. An unprepared organization can be crippled by an e-discovery request. Advance planning early in the ILM can reduce or minimize e-discovery pain.
2. Preserve all data (email, databases, etc.) that may be relevant, or which may lead to relevant evidence, once you get a notice of e-discovery OR a legal hold OR are aware of pending litigation. Asking your lawyer for advice before taking any action is a good idea.
3. Don't wait to stop all automated deletion of relevant documents until after an e-discovery notice has been received. Your duty to stop routine and systematic document destruction is triggered by the filing of a lawsuit (way in advance of discovery) and might, under certain circumstances, be triggered even in advance of a lawsuit.
4. Destroying evidence by mistake is like "killing your parents and then throwing yourself on the mercy of the court because you're an orphan" (Magistrate Facciola).
5. A digital record is no longer just a digital record; it is potential evidence in a lawsuit.
6. Many companies tend to settle out of court for fear of the burdensome costs of litigation, which now include e-discovery. However, Settlement is NOT Justice (Magistrate Facciola).

Knowing disregard (i.e. purposely not learning about, or ignoring, an unlawful activity) is the same as knowing and not disclosing.


I agree with you that we should log all information and data related to our business so that we can keep track of everything going on within the company or outside it. We should always keep our confidential data safe and secure to maintain the privacy of the company.
The data of any business plays a key role in that business's success, so it is necessary to keep it safe and secure.

Ariel Silverstone


I could not agree with you more about not saving everything. Gone are the days when Information Security meant IT security. The name of the game now is Risk management. Having data kept forever not only increases chances of data leakage but is "asking" for added liability. Good guidelines on how long (and how) to store data are available and should be used by any thinking enterprise.

James Blake

On the whole this is an excellent post and retention of all data should be considered in the context of the organisation's record retention policy.

There are, however, three drivers for retaining internal records: regulatory compliance (where the retention period is often mandated); litigation preparedness (the length of retention will be dictated by the type and length of contract); and as supporting evidence for internal disciplinary action.

With regard to litigation preparedness, this can be quite an issue. I've known organisations who've made the decision that email between a partner in a law firm and his personal assistant was not of regulatory importance. Later, when the personal assistant was made redundant, she picked three emails out of context from the tens of thousands they had sent to each other and claimed sexual harassment. The law firm in question could not produce the other emails to show the context of the conversation and was successfully sued, suffering both a financial loss and harm to its reputation. Your records retention policy simply cannot predict things like this in our increasingly litigious society, and it is better to cast the net wide rather than thin.

Within the United Kingdom we do not have such strong legal requirements for destruction, so we are in a slightly better position to do this, but under UK law an email between two parties can form a binding contract or represent a deviation from an existing contract. With some contracts in the UK lasting centuries (for instance leases, which can last up to nearly a millennium, and Public-Private Partnership contracts, where schools and hospitals are built by the private sector and leased back to the public sector), organisations can face not only large quantities of data to retain, but the pain of discovery against such a large record set and problems with information archaeology (the ability to read out-of-date record types; think WordStar version 1.0).

One of the solutions to the problems you've highlighted is the use of a cloud-based service for archiving. If you choose the right partner, the storage management headache is taken away, and some (including the company I work for, although I won't pimp it here) offer a flat per-user fee with no charge for the amount of data retained. We also offer policy-based destruction for those jurisdictions that need to adhere to mandated records retention.

The thing to remember about email in particular is that you're only ever going to have one copy of it. Deleting a record is never helpful in preventing litigation, as at least one other person will always have a copy! Having a good evidential-quality archive lets you prove tampering with evidence presented against you, allows timely discovery to establish whether your organisation is culpable, and provides context to any evidence presented against you.

So while I agree that you need a good, well-enforced records retention policy, I caution organisations to consider all contexts that the archive could be used in and not be driven by the costs of storage. This statement is not led by commercial motives: my organisation gets the same fees from our customers whether they're archiving 10 terabytes a month or 10 megabytes, and in fact it costs us more to hold it on behalf of our customers.
