Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Businesses Generally Ignoring E-Discovery Rules

Zonk posted more than 6 years ago | from the going-to-get-messy dept.

Privacy 109

eweekhickins writes "A full year after the institution of new federal e-discovery court rules, only a minority of companies are paying attention. Keeping track of every IM, email, and document for a court order that may never come must seem like a tall order. Researcher Michael Osterman said that only 47 percent of companies have some kind of e-mail retention policy in place. 'I don't think it's difficult to understand the rules,' Osterman told eWEEK. 'I just think that it sometimes takes headline shock to make people move on some things.'"

cancel ×

109 comments

Apparently it doesnt hurt them enough (2, Funny)

sethstorm (512897) | more than 6 years ago | (#21740250)

Time to raise the penalties for violations - and close off any foreign country escape route from this regulation.

Ignore The Law: I AM the judicial branch (3, Funny)

Anonymous Coward | more than 6 years ago | (#21740476)


'cause I [whitehouse.org] do.

Cheers,
W

Re:Apparently it doesnt hurt them enough (3, Insightful)

plague3106 (71849) | more than 6 years ago | (#21740528)

How about it's a stupid law and is being rightfully ignored? Ya, that's it. It places an undo burden on business, and really, they're being asked to keep evidence which may incriminate them. Might as well ask a rapist to keep detailed records too so they can be subpoenaed.

Re:Apparently it doesnt hurt them enough (2, Funny)

rootofevil (188401) | more than 6 years ago | (#21740712)

oh to have the burden of the undo! i should be so afflicted...

undue burdens on the other hand, those are just not cool.

Re:Apparently it doesnt hurt them enough (1, Funny)

Anonymous Coward | more than 6 years ago | (#21741766)

The "undo burden" is when your finger gets really tired from hitting ^z

why not just record our thoughts "for the record"? (3, Insightful)

HelloKitty (71619) | more than 6 years ago | (#21742590)

while we're at it, maybe I should record all conversations I have too. just in case someone wants to know what I've been saying. you just never know.

and my brain waves too. just in case some lawyer needs to see if I was thinking impure thoughts over the last year.

I think we could all accept an implanted recording device in our skulls, don't you?

Re:Apparently it doesnt hurt them enough (1)

cayenne8 (626475) | more than 6 years ago | (#21743416)

"How about it's a stupid law and is being rightfully ignored? Ya, that's it. It places an undo burden on business, and really, they're being asked to keep evidence which may incriminate them. Might as well ask a rapist to keep detailed records too so they can be subpoenaed."

I must have missed the first /. posting on this...it is news to me. I scanned over the old article, but, couldn't find WHAT all businesses are subject to this. This places a realy undue burden on small businesses. A small business has enough to worry with with trying to drum up customers and opportunities, not to mention all the paperwork required for state labor requirements, state and federal taxes...etc.

Things like an email server, and having storage for all kinds of back up of potential evidence, just isn't in the cards really.

Not to mention, I'd venture to guess that MOST small businesses in the US, have not heard about this new requirement at all.

Ones being investigated for a crime. (4, Informative)

pavon (30274) | more than 6 years ago | (#21745048)

This ruling is about what is and isn't considered destruction of evidence in a court case. The only business which may be required to retain more data that they already would are those who are being investigated for a crime. There are two parts.

The first deals with data deleted prior to the start of an investigation. Basically if you have an data retention plan that states how long you keep documents for, and you follow that plan, then you cannot be charged with destruction of evidence. On the other hand if a bunch of documents relevant to an investigation just happen to be deleted in a manner that deviates from your normal behavior, then you can be.

It doesn't matter what the plan is - it could be that you delete emails from the server immediately after they are download, or you can back them up for eternity, or anything in between - it is entirely up to you. For the sake of CYA, it is a good idea to have this policy documented, and to make sure it is followed closely, but you are not required by law to do so.

The second part gives judges the ability to require companies to retain data relevant to an investigation that would otherwise be deleted as part of their normal data retention policy. This requires a court order, and is no different from dead-tree requirements. Again, you are not required by law to have a plan in place to do this, however, it is good idea to think about it so that you aren't scrambling to figure out how to deal with it if you ever are investigated.

Re:Apparently it doesnt hurt them enough (1)

tjstork (137384) | more than 6 years ago | (#21740574)

violations - and close off any foreign country escape route from this regulation.

So, does this also mean that you would support my call for the Death Penalty for spammers? If I supported the Death Penalty for non-compliance in discovery, and you supported the Death Penalty for spammers, we could eliminate corporate evil and spammers. Heck, why not have the Death Penalty for DUI and Rape. We would have the perfect society, at least until we killed a shitpot full of people and still got spam from evil corporations and got raped by a drunk driver on the way home.

This sort of thinking is just stupid.

The problem with society is that there are so many laws that it undermines the public trust, in well, the public.

Re:Apparently it doesnt hurt them enough (2, Funny)

jo42 (227475) | more than 6 years ago | (#21742468)

GWB, is that you? And, just what did happen to all those Whitehouse emails..?

It's not ignorance. (1)

Prysorra (1040518) | more than 6 years ago | (#21740270)

They just don't care. In fact, I commend them for it.

Wow, that's a rare sentiment for companies coming from me.

Or Maybe (2, Interesting)

Atomm (945911) | more than 6 years ago | (#21740274)

it is a bad law that failed to consider the impact it would have on business to actually implement the requirements.

Re:Or Maybe (1)

eln (21727) | more than 6 years ago | (#21740382)

It also constitutes cruel and unusual punishment for those poor paralegals who have to sift through all this crap during discovery.

More business for lawyers (4, Insightful)

wsanders (114993) | more than 6 years ago | (#21740394)

You inconsiderate clod, it creates nothing but opportunity for lawyers to charge endless fees for e-discovery. Imagine the new volumes of information available for them to charge $500 an hour to sift through! And if they can charge $1.50 per page to make copies of documents, imagine how much they can markup deleted email recovery services! And the damage awards they can demand from corporation-hating juries for failure to retain data that may or may not have any relevance to the case at hand.

The opportunities are endless!

Re:More business for lawyers (2, Informative)

Arguendo (931986) | more than 6 years ago | (#21745172)

Actually, speaking as one lawyer who has had to sift through way too much e-discovery, I can tell you uncategorically that, no, we do not like earning fees sifting through your emails to co-workers about about the latest website or your boss's new haircut.

PLEASE, PLEASE, PLEASE create a regular document retention policy that mandates the deletion of all unnecessary emails and other e-documents on a regular basis. You CAN delete these files and you should. But if you wait until the lawsuit is filed, it's too late - and now we have to wade through all this crap. That's the point.

Re:Or Maybe (1)

GiMP (10923) | more than 6 years ago | (#21740494)

Exactly.. what is the actual cost of this? What if a company's currently stored documents already reaches into hundreds of terabytes? I haven't looked into the law, but what about ISPs, email hosting providers? Does google need to store every email that has ever been stored on their servers? What about Yahoo, which often removes emails from user's inboxes automatically after a certain amount of time? Heck, what about standard hosting providers -- if someone bypasses your quotas and uploads a terabyte of video, do you need to retain that? Maybe there are exceptions to these issues, and if so, great... but it seems that there are too many exceptions needed.

If companies need retention to this extent, you will either see bankruptcy or non-compliance.

Re:Or Maybe (1)

Cally (10873) | more than 6 years ago | (#21741142)

You put forward a persuasive case outlining the shortcomings of requiring email retention. How, then, would you propose that corporate communications with bearing on matters which come to court are given protected status, to ensure that (eg) companies indulging in outrageous deliberate corporate malfeasance - Enron stylee, let's say - can't have a digital shredding party once a month and walk free when the cops arrive? You're not proposing we give up attempting to regulate commerce through commercial law, I take it?

Re:Or Maybe (0)

Anonymous Coward | more than 6 years ago | (#21741572)

The thing is, when everyone knows that the systems are being monitored and archived, the systems will just be bypassed. Communications of illegal dealings will be outsourced to foreign mail services, for example. Documents can be similarly stored that way.

Regulation isn't bad, stupid regulations are.

Re:Or Maybe (0)

Anonymous Coward | more than 6 years ago | (#21741748)

> Communications of illegal dealings will be outsourced to foreign mail services, for example.

I can see you're a really die-hard Slashdotter. Never heard of face-to-face meetings, eh?

Re:Or Maybe (1)

andy_t_roo (912592) | more than 6 years ago | (#21745766)

of course, all you need is skype and a video camera

Internal insight not necessary to regulate. (2, Informative)

Kadin2048 (468275) | more than 6 years ago | (#21742044)

You could just stop caring about internal documents and eliminate or change the laws that depend on them. Treat the corporation as a 'black box,' in other words.

I'm not sure why we should really give a shit about what goes on inside a company. What matters is what it does. If a corporation does something bad, punish it. I don't really care, and I don't think it should matter, whether people in the corporation "knew" what they were doing was bad, and that's mainly what the retention laws are all about. They exist in order to make it easier to pin down when so-and-so knew something. If you just tell companies you don't care, and enforce rigorous strict-liability doctrine (on the corporation -- I don't really agree with strict liability as applied to individuals, but that's a separate discussion), you can leave the internal policing to the corporations themselves.

The idea is that basically, you make the corporations responsible for the actions their employees take in their name and the results of those actions, whether intentional or not, and whether the harm was foreseeable or not. Leave it up to them to decide how they want to manage risk and how much freedom they want to give employees to act without authorization.

I don't really see why we need to peer into companies in order to regulate them. If a company wants to keep its financial records in cuneiform impressed on wads of sodden toilet paper, that's fine by me. The market will punish them for it when nobody wants to buy their stock because there's no way to gain any insight into their performance. Maybe the stock exchanges would even enforce minimum accounting standards for listed companies, as a way of keeping the crap out. But caveat emptor -- do your own research, and don't come whining to anyone else if you put all your money into a company that implodes. If you want secure investments, that's what savings accounts are for.

Similarly, if a company pollutes or otherwise externalizes costs on the public, punish it. If they don't cough up payment for the externality, forcibly seize whatever physical assets they have under their direct control and sell them at auction.

I can train my dog without knowing exactly what's going on in his head every moment; that's exactly the philosophy I'd apply to corporate governance. Reward good overall corporate behavior, punish overall bad behavior with meaningful sanctions (asset forfeiture and seizure), and let them do whatever the hell they want internally.

Re:Internal insight not necessary to regulate. (2, Insightful)

Cally (10873) | more than 6 years ago | (#21742488)

I'm not sure why we should really give a shit about what goes on inside a company. What matters is what it does.
Well IANAL so I can't give you a formal answer to that. However it doesn't take much thought to imagine a scenario where whether or not people inside the company knew certain things or not, and when they knew them, has significance regarding how long people go to jail, how much the company's fined, or whatever. As a random though experiment, supposing the wing falls off the fancy new Airbus super-jumbo and 800 people end up getting their 15 minutes of fame in the form of charred shreds of flesh hanging from scorched trees, Paris '74 style. That would be bad, and clearly a lot of questions would be asked, like "why did the wing fall off?" Supposing the investigators find it was a known design weakness and that senior management had deliberately suppressed internal whistle-blowers who tried to flag it as potentially dangerous. In those circumstances, obviously you want those in the know doing 10-30 for each life lost. OTOH, if the failure mode were due to some exotic combination of novel materials and a sequence of unexpected and completely unpredictable events, and world-class engineers universally failed to predict or imagine such an event happening, then it would be rather unfair to clap the Board in irons for negligence. That's why corps can't be black boxes.

On a completely unrelated note I finally found where your sig comes from last night, and all I can say is: bite my splintery wooden ass!

Re:Internal insight not necessary to regulate. (1)

TooMuchToDo (882796) | more than 6 years ago | (#21743766)

Funny thing. I've always remembered his/her sig (as they post quite frequently on /.), and chuckled when I finally saw the Futurama episode the quote comes from.

Re:Internal insight not necessary to regulate. (1)

Cally (10873) | more than 6 years ago | (#21743954)

well, yes, me too of course.

Re:Or Maybe (1)

GiMP (10923) | more than 6 years ago | (#21746574)

Companies do not need to retain a copy of every piece of paper sent or received, why make them store the digital equivalents? If they receive a letter from an outside party, they're not required to keep a copy. Moreover, private companies that act as common carriers, such as UPS and Fedex, do not need to maintain a copy of every document that they provide temporary storage for. While it would be much more difficult for UPS and Fedex to produce copies, they too would have significant problems providing the necessary storage for such copies.

Requiring companies to maintain copies of all internal memorandums, reports, and manuals would be one thing... to require companies to maintain logs of all communications would fail as a dead-end law, as it is either too expensive or impossible to implement.

Re:Or Maybe (1)

nospam007 (722110) | more than 6 years ago | (#21744426)

... Does google need to store every email that has ever been stored on their servers?

___
They do and additionally every newsgroup post.
Perhaps business will switch to gmail exactly for that reason?

Re:Or Maybe (1)

Zordak (123132) | more than 6 years ago | (#21740618)

Or maybe it's not a "law" at all, but rather the Federal Rules of Civil Procedure, which only apply to parties in litigation in Federal court (or at the very most, those who reasonably anticipate they will be in litigation in federal court for a specific matter). Really, I don't see the story here. The new e-discovery rules do not impose onerous requirements on all businesses. They just prevent you from dumping data when you have that "Oh, crap, we're gonna get sued for this" moment.

Privacy? (1)

noidentity (188756) | more than 6 years ago | (#21740300)

Why is this tagged privacy? This applies to businesses, not people.

Re:Privacy? (2, Insightful)

Bryansix (761547) | more than 6 years ago | (#21740374)

Because people have a certain expectation of privacy in email communications even though they shouldn't if the email account is a work email account. Also workplaces ready chat is kind of sketchy. My work used to do it. Not anymore.

Re:Privacy? (1)

mr_mischief (456295) | more than 6 years ago | (#21740430)

What business I conduct and with whom is proprietary information, and very much private. My client list is worth money to me, and what services I'm performing for those clients is worth even more. It's not public, and it would be worth a good deal to my competition. I might also discuss other things with my business partner, such as future marketing plans. Those are private as well.

What the government wants is a complete record of everything, in case you might have evidence that could convict you of something you may have done, or in case it supports a civil case against you. Deleting proprietary information or spam email, or the occasional dirty joke that goes around the office, is not destroying evidence if it wasn't evidence of anything. There's no right granted to the government by the Constitution of the United States saying they can require you to produce a record of every communication you've had. In fact, just the opposite is true. You're supposed to be secure in your person, papers, and effects against unreasonable search and seizure. Making me save a conversation about whether to have Italian or Greek for lunch in case it needs to be searched for nefarious motives later is an undue burden.

Re:Privacy? (1)

overunderunderdone (521462) | more than 6 years ago | (#21740492)

And businesses are owned, operated and staffed by what?

Re:Privacy? (0)

Anonymous Coward | more than 6 years ago | (#21740552)

well if they are publicly traded.. EVERYONE

Re:Privacy? (0, Offtopic)

gardyloo (512791) | more than 6 years ago | (#21740558)

VILLAGER #1:
        Bread!
VILLAGER #2:
        Apples!
VILLAGER #3:
        Uh, very small rocks!
VILLAGER #1:
        Cider!
VILLAGER #2:
        Uh, gra-- gravy!
VILLAGER #1:
        Cherries!
VILLAGER #2:
        Mud!
VILLAGER #3:
        Uh, churches! Churches!
VILLAGER #2:
        Lead! Lead!
ARTHUR:
        A duck!
  CROWD:
        Oooh.

Re:Privacy? (4, Funny)

Billosaur (927319) | more than 6 years ago | (#21740718)

More like...

Auditor: It's not much of a mail server, isn't it?

Sysadmin: Oh yes, sir, finest in the company sir!

Auditor: Explain the logic underlying that conclusion, please.

Sysadmin: Well, it's so clean, sir.

Auditor: It's certainly uncontaminated by email.

Sysadmin: You haven't asked me about IMs, sir.

Auditor: Is it worth it?

Sysadmin: Could be.

Re:Privacy? (1)

gardyloo (512791) | more than 6 years ago | (#21740776)

That figures. Predictable really, I suppose. It was an act of purest optimism to have posed the question in the first place.

Re:Privacy? (1)

Lord of Hyphens (975895) | more than 6 years ago | (#21740868)

Pinheads, drones, and more drones? (cymbal crash)

I'm here all week, ladies and gentlemen.

Re:Privacy? (1)

Brian See (11276) | more than 6 years ago | (#21742100)

"noidentity" said: Why is this tagged privacy? This applies to businesses, not people.

That statement is flat-out wrong. The Federal Rules of Civil Procedure apply to parties who are the subject of lawsuits (or third party subpoenas). It's often companies, but theu can apply to individuals, too.

In many of the RIAA lawsuits, defendants have gotten into trouble for deleting information on the computers -- i.e., information which the RIAA contended was evidence that they were illegally sharing files.

Most lawyers would agree that if an individual is sued by the RIAA, they cannot hand their home computer off to the guy at Best Buy and have him replace the hard drive.

Re:Privacy? (1)

noidentity (188756) | more than 6 years ago | (#21743574)

I think we're talking about two different things now. On the one hand, businesses being required to keep records communications for some number of months/years before deleting them. On the other, deletion of evidence after you become aware that you might be in court soon. Obviously the latter applies to everyone, not just businesses.

Is this ALL companies (2, Interesting)

doroshjt (1044472) | more than 6 years ago | (#21740306)

Is law for all companies or just Public corporations? Seems an excessive burden to put on small businesses?

Re:Is this ALL companies (1)

DRAGONWEEZEL (125809) | more than 6 years ago | (#21740400)

I have not read the law and don't know who it pertains to, but if it did pertain to all business large and small, then yes, it is an excessive burden. Having a document repository doesn't just mean a spare hardrive. You have to have security measures (pretty extreme ones if it were my company) in order to maintain a constantly updated archive that doesn't give away your business secrets to the outside world. Especially if your growing, and moreso if your doing any kind of computer related work.

Some small companies don't profit the owner enough to worry about this when they have mouths to feed.

hello? gmail... (0)

Anonymous Coward | more than 6 years ago | (#21740630)

They give you, like, a gigabyte of storage. That should be enough for anybody.

Re:hello? gmail... (1)

Cally (10873) | more than 6 years ago | (#21741328)

Make that 5 gig.

You are currently using 305 MB (5%) of your 5837 MB.

Re:hello? gmail... (1)

DRAGONWEEZEL (125809) | more than 6 years ago | (#21742494)

Hello TOS?

I am pretty sure that the TOS says that they can stop offering their services for free at anytime. This is not a risk I would take with company data. Despite the fact that google may not be evil, they may not be wholly richeous either.

Besides, imagine that now you have been summoned, and have to produce all those documents, are you going to log into google and click download for each one?

Re:hello? gmail... (1)

Todd Knarr (15451) | more than 6 years ago | (#21746094)

Worse, Google's TOS do not as far as I can tell relieve you of discovery obligations. So if you're sued and Google shuts down or purges your messages after that point, you're still on the hook to produce them. You can't even argue that it wasn't your fault, since you could reasonable have foreseen this (it's right there in the TOS you agreed to) and you failed to take reasonable steps (eg. making your own copies of your messages) to prevent the destruction.

Note that this isn't specific to Google, it's a generic problem when you outsource handling of data or allow anyone outside the company to have control over it's existence. You remember all those corporate e-mail systems that purport to use DRM to allow you to exercise control over what the recipient can do and how long they can keep the message? Turn that around and think about what happens when someone else uses that to time-expire a message that you've a legal obligation to retain.

Re:Is this ALL companies (1)

Todd Knarr (15451) | more than 6 years ago | (#21741264)

Actually it applies not just to all businesses but to all entities that have been sued. Even individuals. Once you are sued or are aware you will be sued, you must retain all relevant material and turn it over during discovery. This isn't new, this has been the rule for the last century or so. What's new is things like e-mail and instant messaging, and companies going "Oh, that was done in IM, we don't keep records of that.". The e-discovery rules are merely the courts going "You knew you were being sued, you knew those exchanges were relevant to the suit, it's possible to retain a record of them without being an undue burden, you don't get a pass just because it's bits instead of bits of paper.".

Re:Is this ALL companies (1)

Intron (870560) | more than 6 years ago | (#21741954)

The problem is that the law also applies to anyone who might be sued, which is everybody. A shareholder sues you because their stock lost $1 based on some bad decision that you made (like buying an email backup system). When their lawyer asks you for the data that you have already wiped, it's too late to say "I didn't think that anyone would ask about that."

Re:Is this ALL companies (1)

elBart0 (444317) | more than 6 years ago | (#21744052)

I think that you may be confused.

If you deleted the data, in the normal course of business, prior to being sued, you're fine. It's perfectly acceptable to delete records every N months, _if it's in your document retention policy_ and there is no legal obligation to retain the data (such as EEO).
If you delete the data, after the suit has been filed, and it may pertain to the lawsuit in someway, you've broken the law.
If you have back ups, you're not allowed to dump them, once you've been sued.

Basically, once there's a law suit (or you may believe you will be sued), you have an obligation to retain documents, backups, email, etc.

Re:Is this ALL companies (1)

DRAGONWEEZEL (125809) | more than 6 years ago | (#21742368)

That is my point!

Everyone can be sued, most will be at some time in their life. Hell, even I am in the middle of arbitration at the moment, but it is a minor personal matter. I digress...

If a small business have to maintain records for everything, each transaction, who made it, etc... and have it backed up regularly, it will cut into productive time. A business of 3 people loosing a 1 man hour a week IS SUBSTANTIAL. that's 4 hrs / month and 48 hrs a year on top of an allready slim margin. Think of a local store. If they don't go into the black until black friday, now push that back another 4 days or so... massive proffit loss.

I understand the legal needs for this. But I think it's silly for the government to say do this, but not offer a "how to" for small business.

The law should be overturned (3, Insightful)

Bryansix (761547) | more than 6 years ago | (#21740352)

The law is burdensome on businesses. Keeping track of email is one thing. Keeping all communication archived is ridiculous. We just came up with a solution to archiving email so we can finally delete some mailboxes off of our exchange boxes. My co-worker just wanted to purge the boxes and not back them up. I convinced him that even if this law didn't exist the mail may be useful for us in a court case so it would be worth keeping.

Now we used to use Spector 360 which would satify this ridiculously overbroad law. The software is nuts though and opens all kinds of issues like keeping the data secure since it captures all keystrokes and so people may have CC#, SSN or bank account numbers in their database records kept by this program.
When we moved we stopped using the program.

Re:The law should be overturned (2, Informative)

Zordak (123132) | more than 6 years ago | (#21740708)

This "law" should not be "overturned." It is not a "law." It is Rules of Civil Procedure for parties in litigation in Federal court. You can read them here [house.gov] . The rule you want is R. 34.

This post does not constitute legal advice and is not endorsed by Jackson Walker LLP

Re:The law should be overturned (1)

Zordak (123132) | more than 6 years ago | (#21740876)

I should also mention that R. 37 has a safe harbor provision. "Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system." If your normal policy is to dump certain stuff at certain times, you won't get smacked unless it looks like you did it in bad faith (e.g., implemented the policy to screw adverse litigants or something).

Re:The law should be overturned (1)

Brian See (11276) | more than 6 years ago | (#21742446)

Regarding the Rule 37 "safe harbor", it's really not very helpful to most litigants, because, "Good faith in the routine operation of an information system may involve a party's intervention to modify or supsend certain fe atures of that routine operation in order to prevent the loss of information, if that information is subject to a preservation obligation." See Advisory Committee Notes to Rule 37(f).

So if your normal policy is that some "automatic" routine operates to delete potentially relevant (and "accessible") information, your opponent will argue that you're not acting in good faith if, upon reasonable anticipation of litigation, you didn't take action to suspend that automatic routine.

IAAL, but IANYL.

Re:The law should be overturned (1)

Zordak (123132) | more than 6 years ago | (#21742624)

I agree, but that's still only upon reasonable anticipation of litigation. R. 37 is protecting a business from getting hit with sanctions for just going about their business before they know they're getting sued. And that date is even self-policing in many cases. On one hand, the litigant may want to postpone the date of reasonable anticipation to postpone the duty to preserve. On the other hand, the same litigant often wants to make the date of reasonable anticipation early so he/she/it can claim privilege on the e-mails that say stuff like "Help! We screwed up!"

Re:The law should be overturned (1)

darkmeridian (119044) | more than 6 years ago | (#21742286)

This post evinces a basic misunderstanding of your obligations under this new rule. A company that is not sued or is not reasonably anticipating a lawsuit may have a data retention policy, which is commonly "we destroy all e-mails after ninety days, and we do not keep any backups." Once they are sued or notified of a suit, then they have to suspend that policy and keep the e-mails and electronic documents created by the relevant executives and employees. The company has a problem only if the data destruction policy is not uniformly followed and bad e-mails just suddenly disappear. (Note to bad people: if you e-mail a smoking gun document to another company, you should produce it because the other side will know it exists.)

Re:The law should be overturned (1)

Bryansix (761547) | more than 6 years ago | (#21742530)

Right, I didn't understand how the ruls applied. Thanks for the info. I wonder how this works for companies who are always being sued at all times.

the FRCP (5, Informative)

theMerovingian (722983) | more than 6 years ago | (#21740372)


The Federal Rules of Civil Procedure are being grossly mischaracterized here. The main purpose of the changes is to make it so companies can't intentionally obfuscate their data storage in order either 1) increase the timeline for digital discovery; or 2) increase the costs (especially to the non-business plaintiff) for digital discovery.

The FRCP are not a set of regulations to govern businesses, it just means that parties with digital information will bear the burden to produce it in the event of a lawsuit. Depending on the frequency with which your company is sued, it may or may not be a good idea to make it faster to access your backups.

You aren't under an obligation to save all electronic corresponce unless you are in a heavily regulated industry with special rules requiring that. However, anyone who deletes or destroys documents once a court order has been issued is in pretty big trouble if they get caught. This has been true long before the advent of email.

IMPORTANT NOTE: I am not a lawyer, this is not legal advice, there is no formation of attorney client privilege, this does not serve as an offer to represent you, your family, or anyone you have ever met, consult the advice of a licensed attorney in your jurisdiction before taking any action, the forgoing is for informational and educational purposes only, and any and all warranties inherent in this post whether express or implied are hereby disclaimed.

Re:the FRCP (1, Funny)

Anonymous Coward | more than 6 years ago | (#21740526)

IMPORTANT NOTE: I am not a lawyer...

But apparently you know one seesh.

*Anonymous Coward is not responsible for anything ever. Other than the standard issue trolling of which this comment is not. Some restrictions apply, void where prohibited.

In other words (1)

Sycraft-fu (314770) | more than 6 years ago | (#21740676)

It doesn't so much matter what your policy is, so long as your policy is consistent. If your policy is that e-mails are kept for one week and then deleted, that's ok. What is not ok is if you normally keep e-mails for a year, but then suddenly delete everything older when you get sued. There aren't any over all rules for what your retention has to be, however you can't change your policies to try and avoid handing over data.

So if your policy is that nothing gets kept, you have no backups, no retention, you are ok, that's fine. However you don't get to keep backups of your data and say "Oh well you can't have access to those." If you have it, you are going to have to hand it over and you can't drag your feet on it.

The only case where this could get tricky is that if you are involved in a case, you can be ordered to retain data that you don't normally. Maybe you don't normally do e-mail retention, I know places where it is considered non-critical and thus not retained, not backed up. However if you are involved in a case, you may have to retain it, even if you didn't before.

But the parent here is completely correct: They aren't saying you have to log everything you do. They are just saying that you can't have the data, and not hand it over.

Re:the FRCP (1)

Jumphard (1079023) | more than 6 years ago | (#21740704)

Do you have that IMPORTANT NOTE in your copy-paste clipboard and use it on every posting you make on the web? The 3 line disclaimer is not necessary. "IANAL" suffices, although you sound mighty like one of them.

Re:the FRCP (0)

Anonymous Coward | more than 6 years ago | (#21744952)

Sorry, it was to be funny.

Hear Hear! (1)

spiedrazer (555388) | more than 6 years ago | (#21741006)

This poster is absolutely correct. there is no requirement to retain all your electronic records. See my post "PLEASE help stop the FUD" below.

Re:the FRCP (0)

Anonymous Coward | more than 6 years ago | (#21741258)

EXACTLY. Spot on. This is FUD.

The e-discovery rules technically dont change anything courts werent already interpreting normal discovery as encompassing already. You do not need to save everything. In fact. The point is that you do everything as you would in YOUR NORMAL COURSE OF BUSINESS. All the rules do is make it CLEAR that in anticipation of litigation you cant just destroy data/emails that you have already been keeping and claim that you are fine because they technically aren't "documents" under the FRCP.

As for your disclaimer: I think IANAL is sufficient. All your stuff about a/c relationships and offer/acceptance look silly after you already admit you are not a lawyer. And I am not aware of any court/disciplinary committee interpreting a broadly addressed forum post as creating an A/C relationship or constituting legal advice. The instances in which it has are when its directed at fact specific circumstances with potential clients who had a reasonable expectation.

Re:the FRCP (1)

Cally (10873) | more than 6 years ago | (#21741372)

IMPORTANT NOTE: I am not a lawyer, this is not legal advice, there is no formation of attorney client privilege, this does not serve as an offer to represent you, your family, or anyone you have ever met, consult the advice of a licensed attorney in your jurisdiction before taking any action, the forgoing is for informational and educational purposes only, and any and all warranties inherent in this post whether express or implied are hereby disclaimed.

Awww, c'mon,.. don't spoil it for the kids!

Re:the FRCP (2, Informative)

Brian See (11276) | more than 6 years ago | (#21742326)

I am a lawyer and my practice focuses on eDiscovery. In other words, I translate between lawyers and people who read /.

Lots of interesting comments in this thread. There is a lot of FUD out there (like that's news). I hardly know where to start.

First, sophisticated litigants have seen increased costs from eDiscovery compliance, because "Joe Average" lawyer on the other side is getting more sophisticated about these issues. The new eDiscovery rules require companies to make pretty specific disclosures regarding what electronically stored information they have that might contain potentially relevant information. Federal judges are also more sophisticated on these issues now, and are expecting more of people. It's becoming a lot more difficult to 'hide your head in the sand' and hope the other side doesn't ask about this stuff.

Because the cost of searching, reviewing and producing email (and other electronic information) can be so burdensome, the table stakes for pursuing or defending a lawsuit can be higher than "before".

theMerovingian said: The FRCP are not a set of regulations to govern businesses, it just means that parties with digital information will bear the burden to produce it in the event of a lawsuit.

Not entirely true. In some cases, courts have held that cost-shifting is appropriate.

theMerovingian said: Depending on the frequency with which your company is sued, it may or may not be a good idea to make it faster to access your backups.

This is dangerous advice. There are companies out there which are making it cheaper to access backups. If you make it faster and easier to access information on offline (tape) or nearline storage, then you may reduce your ability to argue that the information is "not reasonably accessible due to undue cost or burden" under Rule 26(b)(2)(B). I have seen clients tripped up because IT people somehow get the notion that the lawyers WANT them to have really long retention periods on backups "just in case". While lawsuits sometimes require backup tapes to be held, if there isn't a lawsuit, it often isn't helpful to keep this data lying around when there isn't any business need for it.

theMerovingian said: However, anyone who deletes or destroys documents once a court order has been issued is in pretty big trouble if they get caught.

Agreed on the court order part -- don't violate court orders! But there's lots of room to argue before that order gets issued. When a company is sued, does that mean they have to create a bitstream image of each and every computer in the organization? (After all, just continuing to use the computer overwrites the pagefile and other unallocated space -- that's destroying potentially relevant data!) There are vendors (and even some lawyers) out there who are telling companies that they have to do this. The real answer is that in many cases, locking down every last bit of data is not necessary.

ediscovery (0)

Anonymous Coward | more than 6 years ago | (#21740414)

these new rules really don't mean much. you never used to save IM and email conversations.. and you still don't. your company just has to have a policy (a document retention policy) that states what the retention time is on certain types of communications. 0 days.

Our understanding of the new e-disc rules is that you must follow established policies -- and any material that the company has is discoverable, electronic or paper.

the end. this isn't a real news story.

The rules are clear, but it can be tricky. (1)

richg74 (650636) | more than 6 years ago | (#21740436)

I suspect that one of the reasons many firms are not complying with this is that the job seems so overwhelming, they don't know where to start. "Old tech" documents were created and saved (or not) under a kind of natural discipline, stemming from the fact that the cost of creating them was obvious and non-trivial. You might make off-the-cuff smart-ass comments at the water cooler or in the lunchroom, but you weren't likely to put them in a memo.

E-mails and IMs give the illusion of being almost costless (although the key cost component, someone's time, is still there); consequently, things get "written down" in E-mail that would never get put on paper. You might have written them on a sticky note, but those never officially existed as far as the formal records were concerned. The ticky thing about E-mail is that it can keep a record of all those formerly off-the-record bits: so you either have to keep everything (costly as well as potentially embarrassing), or you have to try to devise a defensible standard for what's relevant. And, of course, the constant torrent of spam doesn't make it any easier.

It's the cost! (1)

SatanicPuppy (611928) | more than 6 years ago | (#21740440)

Setting up a backup schedule so that you're basically keeping all email is freaking expensive, even when you're only doing incrementals. Tape "rotation"? Forget that. It's tape storage for ever and ever.

You need drives, and tape storage, and a tape inventory system, and let's not forget a never-ending stream of tapes.

Re:It's the cost! (1)

Billosaur (927319) | more than 6 years ago | (#21740628)

Go beyond the storage issue: how do you sift through all that communication to find what you're looking for? Simple searches? Semantic searches? A room full of $8 per hour interns reading every email and IM? Frankly it's impractical.

Re:It's the cost! (0)

Anonymous Coward | more than 6 years ago | (#21743386)

Yeah, my company is currently involved in litigation and we haven't rotated any tapes out since discovery began over a year ago. It's costing our legal department over $10K/month just for tapes and some ridiculous amount for offsite storage for Cintas. The opposing council asked us for a catalog of what files were previously on our old monthly tapes from when we did normal rotations! Our backup software doesn't keep that kind of freaking information, no system I know of does. We aren't even that huge of a company, ~800 employees and barely on the S&P 500.

Re:It's the cost! (0)

Anonymous Coward | more than 6 years ago | (#21748082)

You can do it so that it is very cost effective. We have 10 crap-boxes with 3 40G Maxtor drives each, all going together over the network in one, big, honking raid-0. When you power them up they download all of the new mail, captured IMs, everything. When they are done backing up they check all of the HDDs for failure and send an email to some guy who doesn't work here anymore letting him know that everything's a-okay. They then shut themselves off automatically (except for the two that never power anymore).

The only problem with the system is that someone might take the whole mess to the dump by mistake. That and the staggering cost and futility of actually trying to get anything back from the thing.

You can tell companies aren't paying attention. (3, Insightful)

olddotter (638430) | more than 6 years ago | (#21740448)

If they were, their lobbists would be be crawling all over this. The cost of capturing and storing all of the digital communications made by employees is non trivial. I know of one company just trying to give their lawyers access to query and retain e-mails. That project is a mess. I can't imagine trying to keep instant messaging along with, etc., etc. .....

SPAM (1)

future assassin (639396) | more than 6 years ago | (#21740510)

I wonder if they also retain all incoming SPAM mail. That would be interesting.

White House sets the Precedent (1)

soren100 (63191) | more than 6 years ago | (#21740532)

If you want to teach people through headlines, the White House has deleted 10 Million emails and is getting nothing -- not even a slap on the wrist for it.

They're just teaching through example.

There's no way you can have a more egregious example of failure to comply with federal document retention laws, or a more important reason to retain the emails, but absolutely no punishment seems to be forthcoming. Neither half of our political party seems to be even pretending to want to do anything about it.

So why should anyone else get punished for failure to keep their emails or other documents?

Re:White House sets the Precedent (0)

Anonymous Coward | more than 6 years ago | (#21740706)

If you want to teach people through headlines, the White House has deleted 10 Million emails and is getting nothing -- not even a slap on the wrist for it.
...
So why should anyone else get punished for failure to keep their emails or other documents?
The Whitehouse(TM) is above the law -- fool!

What e-discovery rules? (1)

tgd (2822) | more than 6 years ago | (#21740546)

Thanks, I'll be here all day. ;-)

This is my business (4, Informative)

gurps_npc (621217) | more than 6 years ago | (#21740634)

I do e-discovery related document loading and exporting.

I can tell you the following:

1. It is a big business.

2. It is not "pointless".

3. The reason the laws were passed is that people were intentionally deleting documents or worse LYING and claiming they had deleted it when back ups were clearly present. They lied because of the expense it would take to recover the back-ups. Honestly, was it that hard to have the lawyers talk directly to the tech people, instead of too middleman that cared more about money than their legal responsibilities?

4. The law at heart simply states that if you have documents then deleting it BECAUSE of a legal action is illegal.

5. The law clearly allows you to routinely delete documents, say 1/year, or even every month.

6. All it really takes to satisfy the law is a commitment to a reasonable data-retention policy. The only businesses that don't or can't comply are

A. those that have been giving their IT department the short-shift, not providing a reasonable amount of cash for data and back-ups.

B. Those that don't realize that after you are SUED or CHARGED with a crime means you have to spend money on the law-suit. That includes the responsibility of saving and organzing the data you collected.

Re:This is my business (1)

TheCarp (96830) | more than 6 years ago | (#21741080)

> 4. The law at heart simply states that if you have documents then deleting it BECAUSE of a legal action is illegal.

Though, wasn't that true before?

I clearly remember this coming up in a discussion of backup retention policy 5 years ago. Basically what was stated then was that we needed a policy for backup destruction so that we could get rid of backups because if there were ever a legal case, and we didn't have such a policy, then attempting to purge old backups could be seen as trying to destroy evidence.

However, if we had such a policy, and used it to get rid of backups as it defined, then we were simply following establish policy, and removal of the backups according to said policy would not be "destroying evidence" unless we had been ordered to suspend backup destruction.

SO essentially... was this true 5 years ago? Or was it "possibly true but ambiguous" and this law is a clarification? I am curious as to how this law changes things except for making them more explicit for digital discovery.

Of course this was made all the more interesting then, as we had a policy then of NEVER destroying backups. Why? Well there was a legal case where my employer suspended all tape archive destruction indefinitely. The case resolved, but the policy never changed. We, as the admins, were trying to get them to accept a new policy, that would allow us to purge gobs of old data.

-Steve

Re:This is my business (1)

gurps_npc (621217) | more than 6 years ago | (#21743352)

While it was illegal before, the penalties were not clearly stated. It was left up to the judges, some of whom gave simple verbal warnings.

Sort of the same way it is illegal for a government to deny you the right to free speech. There is no jail term or monetary fine declared by law. Now they give actual penalties.

The law basically made everything a lot more explicit.

Not what this is about at all (1)

SpaceGhost (23971) | more than 6 years ago | (#21740698)

The federal rules of discovery haven't really changed - this is just a tweak to address the concerns of the digital era. The government does not want you to keep everything forever, in fact the government is not usually party to these civil suits - besides most corporations waive privilege in government investigations to show good faith.
The primary goal of these changes are to get lawyers to talk about discovery in a meet-and-confer as early as possible. Too many judges were spending too much time dealing with lawyers that didnt know what they were talking about going back and forth about "it's in the metadata" or "it's in the RAM" or "it's on a sector". The judges want the lawyers to bring their geeks in, discuss what each side has and where, and decide on a good process for e-discovery. Then the courtroom is for arguments about merits, not about process.
Unfortunately the perception is that you have to deliver tons of data, which means reviewing tons of data for privilege. Plaintiffs lawyers are using this as a method to pry large settlements out of defendants, who see this as cheaper than hundreds of hours of outside counsel review time. You do know that most civil cases settle before going to trial, right?
That's not to say that e-discovery is not a fascinating and daunting challenge, it actually makes for an interesting career. But bringing a sound preservation scheme and reasonable search terms and methods to a meet and confer will help dramatically.

Too Expensive (2, Interesting)

pickapeppa (731249) | more than 6 years ago | (#21740714)

This kind of archiving would be nigh impossible for some businesses, no matter how heavily regulated. Its partially a matter of resource allocation. I do a nightly backup and a monthly backup for an organization that deals with kids, medical records, and large donations (i.e. heavily scrutinized). 80 percent + of donations must be spent on program services, so I have a limited budget. If something is written and deleted betwixt the monthly backup and the earliest nightly, its gone. There's no practical way for me to keep all that data on hand. I recycle the backup tapes and burn DVDs. If I bought enough tapes to keep an independent backup of each day's activity, there'd be no room in my office for me. Nor do I want to spend money on some kind of IM tracker. If I did, those kids with medical conditions would suffer. Sorry lawyers, you'll have keep doing things the ol' fashioned way

eDiscovery Roundtable (1)

BlakeReid (1033116) | more than 6 years ago | (#21740768)

Silicon Flatirons at CU Law hosted a roundtable last week on E-Discovery. A whitepaper is forthcoming soon, but there were several recurring themes. 1) eDiscovery disputes are largely regional. There are a lot of pitched battles happening on the east coast (esp. NY and NJ) and in California; in the middle of the country (Texas, Colorado, Chicago), not so much. 2) Mutually assured destruction - lots of companies in litigation stay away from bringing up eDiscovery issues because they know it will be extremely bad for both parties involved. 3) Cost - it's not necessarily in the retention, as people have mentioned here; it's relatively cheap to produce data. The problem is searching it. It's extremely resource intensive to search 100 million documents for 50 relevant e-mails. There's a software gap here that none of the major players are filling adequately - hint hint! For all you startup developers searching for a niche to fill, here you go! This is software that big firms and eDiscovery vendors and service providers will pay big bucks for. Get on it before Google gets in on the action. 4) Competence - most lawyers are simply not well versed in either eDiscovery or computer technology to sufficiently explore this area of the law. Look for this to change drastically in the next 10-15 years as it starts becoming malpractice or sanctionable behavior to NOT be well-versed. There are more interesting issues in this area - check silicon-flatirons.org after the holidays to read the whitepaper. Disclaimer - IAALSBNAL (I am a law student but not a lawyer) and this is not legal advice, YMMV, etc., etc.

Re:eDiscovery Roundtable (1)

tarp (95957) | more than 6 years ago | (#21748308)

There is already software out there to sift through hundreds of thousands of documents or e-mails to find the relevant e-mails that contain the "smoking gun" evidence. I know because I work for a company, Extractiva, that has been developing and selling e-discovery software for almost 9 years. The basic process is to extract the data from e-mail stores and container files, then create an index that can be searched. You can also image everything into TIFF or PDF so it is easy to review. Other tools exist for searching through collections and a number of vendors provide these tools. One that I am familiar with is Stratify, based out of California. They do context sensitive searching and indexing.

Re:eDiscovery Roundtable (1)

BlakeReid (1033116) | more than 6 years ago | (#21748340)

Sorry, perhaps I wasn't clear - obviously some software exists, but the indication from the panel (mostly attorneys and vendors) was that the software simply isn't fast enough to make it cost-effective to launch into eDiscovery disputes at will.

Infosec is the (0)

Anonymous Coward | more than 6 years ago | (#21740954)

Disclaimer: my employer sells a solution[1] for the email retention market.

As the summary says, a lot of this stuff isn't going to sink in until Directors of limited companies (corporations in the US) are doing the walk of shame because they failed to pay proper attention to IT security. (I consider mail retention to be part of the infosec remit of almost all organisations except those TLAs with very special needs.) Security in general is treated given lipservice, but the best you can hope for really is that officers have had some legal advice that they're personally liable for related issues (eg: if it turns out the marketing dept have been faking customer satisfaction numbers, and the firm's about to collapse in a wave of customer rebellion, and the officers don't know that - tough! You should have known! People invested in the company on the understanding that it was known! You know the score... "...and may god have mercy on your trust fund. Take him down!"

In those situations management tend to fling money at consultants who will install fascistic AUP practices, enforce lots of insane bureaucracy that just gets in the way of people doing their jobs (egs: universal bans on USB media; banning people from listening to music as they work.) Of course that's BAD security, which IMO is worse than none at all - because it makes people work a bit harder to work around it, which makes it harder to know what backdoors people are using to, yes, do their jobs.) And when that happens I'm going to be secure in the knowledge of my own off-site backups of my own internal mails, clearly laying out the risks being run and the controls required to do it properly. And the protests when resources are slashed anyway. I want that stuff on the record, which means a record I can trust - which means one I control.

It's interesting that the UK government has suddenly started reporting losses of personal data of the sort that have obviously been going on for years - ten or fifteen years, ever since ubiquitous high-capacity storage such as CDR, outsourcing of IT and administrative functions to companies with no direct interest in maintaining control of data, cheap wide-area networking and the mirage of a working database nation [amazon.co.uk] came to pass. (I was just getting into professional IT back in the mid-90s, when the trade press were full of vendors touting datacubes, object-orientated databases, OLAP and datawarehouses and the like. The theory was that by aggregating data from masses of sources, slicing it and dicing it, The Business would gain amazing new insights into customer behaviour. The national security-industrial complex also bought the whole story hook line and sinker, with results we are now starting to see - billions wasted on white elephant systems that suck garbage in and spit garbage out, have enormous opportunity costs and never deliver the promised benefits.

Mail retention's the same story. How many sysadmins would demur when a senior VP pops up in the helldesk room on a Friday night & orders someone to stay late doing 12x overwrite pass disk reformatting on all the mail servers? The same number who care what happens to the disk in that old mail server that got skipped last month when the shiny new quad-core Exchange box arrived - just over none at all. (Yeah yeah, everyone here takes a hammer to the platters before releasing them... ever tried buying a dozen cheap second-hand SCSI drives from a redundant-kit-recovery operation? Give it a go one day, and try practicing your Coroner's ToolKit skills on 'em (or just pop open hexedit at take a peak at /dev/sdc1 or whatever.) It's quite an education, I recommend it to all conscientious sys-admins...

[1] hey I'm not saying if it's a box, software, a service, or a combination of all three. Do your own damn market research! ;p

PLEASE help stop the FUD!!! (3, Informative)

spiedrazer (555388) | more than 6 years ago | (#21740964)

OK everybody, listen up!!

Despite what the vendors who produce e-mail archiving software may say, there is NO requirement that ANYONE archive all their e-mail/chat/word docs. etc. for potential litigation!!!

The rules say that, once you know that there is a legal case (or can reasonably expect that an issue may lead to legal action) you can't destroy evidence that could be used in the case. The federal rules actually spend more time outlining all the valid reasons you may have for destroying/deleting old e-mails or other correspondence.

There are a lot of vendors generating a lot of FUD about this issue, and even more clueless tech writers and glorified corporate publicity rags like eSchool news to perpetuate it. Don't be sucked in!

Yes, your company/agency should have a retentions policy, but that doesn't mean to retain everything! It should spell out how often you delete materials that are no longer deemed necessary. As long as you follow that policy, you are covered if you delete something that comes up later in an un-anticipated legal action! Once you are aware of a legal action, it is your responsibility to identify and secure any documentation in any form that can have bearing on the case.

Re:PLEASE help stop the FUD!!! (0)

Anonymous Coward | more than 6 years ago | (#21742276)

So, here's the problem.

Say I'm running along as normal, and wiping out all stored messages after, say, one year. Now I get sued. The other party asks me to produce "all documents related to X".

At this point, I can't delete anything in my possession until I've determined whether it is in fact related to X. In practice, that means that I have to suspend all deletions until I've examined all the material in my possession. The demands aren't going to be for "Joe's email"; they're going to be for "all email to or from any employee which might conceivably relate in any way to an activity vaguely connected to what we claim Joe and/or other employees may have been doing". Any stored communication anywhere in any of my systems COULD fall into the scope of a demand, and I won't know until I've manually examined all of it... so I can delete nothing until I've examined it, and in fact I need to delete nothing until the other side's last chance to dispute the adequacy of my search has passed. Which can be a very long tine.

Now, if I'm a large business, and often if I'm a small business, I am ALWAYS going to have some kind of litigation going, or at least have a reasonable expectation that some litigation will start. Furthermore, I will continuously keep getting broad discovery demands that require me to fish through everything on hand.

So, when I finish looking through everything for X, I still can't delete anything, because in the meantime I will almost certainly have gotten a new requirement to look for Y. I'll have to look for Y in everything I have, including the stuff I have because I didn't routinely delete because I was looking for X. And now each search takes longer because I have to dig through all the stuff that I retained beyond my normal policy because of previous demands in possibly unrelated cases.

The result is that my retention policy is pretty much meaningless. I can never actually apply the policy unless I get to the state where I have no active litigation and no threat of such, and that never happens. The practical effect is that many businesses have to retain everything forever. Litigation is not some kind of rare exception to the normal course of business; it IS the normal course of business.

Re:PLEASE help stop the FUD!!! (1)

Brian See (11276) | more than 6 years ago | (#21742636)

The AC post to which I'm replying is spot-on as to what many large comapnies are facing.

Courts are getting more savvy and are declining to impose blanket obligatons to preserve (or, heavens forbid, produce) "all" information.

Lawyers who understand the costs of information management are successfully narrowing the scope of what needs to be preserved (and produced), in order to let the company move on with its normal business.

The leading treatise / think-tank on eDiscovery issues, The Sedona Conference, captures this notion:

A party's preservation obligation does not require "freezing" of all electronically stored information, including all email. Organizations need not preserve "every shred of paper, every email or electronic documents, and every back-up tape," nor do they have to go to extraordinary measures to preserve "all" potentially relevant information.
Comment 5.g., The Sedona Principles Addressing Electronic Document Production, Second Edition (June, 2007).

Of course, lawyers on the other side of the argument try to get closer to "all" than the people on the responding side. Figuring out where the line should be drawn continues to be the tricky part.

Re:PLEASE help stop the FUD!!! (1)

spiedrazer (555388) | more than 6 years ago | (#21742960)

If your are a really big company, I imagine that you could and should have one of the archiving solutions that makes a searchable archive of your existing data (as much as YOU choose to keep around according to your policy)to make retrieval a quick process.

If, however, you are a small public company or public agency (like the school district I work for) who rarely runs into litigation problems, you don't need to buy into the inaccurate hype that says you need to save everything because the law says you have to! That is just completely inaccurate but not enough people armed with the facts are countering the corporate PR machine. Even in your example, there are provisions that cover unreasoable data requests. I didn't verify this while posting, but my recollection is that the judge has full power to excuse the requirement to produce specific content if the 'costs' to produce it are unreasonable as compared to the scope of the issue at hand. Costs can mean anything.

Well... (1)

p!ssa (660270) | more than 6 years ago | (#21741004)

Of course everyone is ignoring it, we all know a copy of every email/IM/packet etc. exists in the basement of the San Francisco AT&T switching center (and I'm sure many more). Why we should we store all this shit when "THE MAN" already has multiple copies, cross referenced, sourced, vetted and all the boilerplate leagalese to do/charge whatever they want.

Compliance doesn't come cheap (0)

Anonymous Coward | more than 6 years ago | (#21741020)

I work for a big vendor of Enterprise Content Management software and solutions, and I can tell you that when a major company finally decides they need to effectively manage retention policies and develop compliant workflows, it costs a bloody fortune by the time they are actually up and running. Just figuring out who creates what is a major business effort involving every single corner of the operation.

The pains of E-Discovery Rules (2, Interesting)

HeliosTrick (825325) | more than 6 years ago | (#21741068)

I'm the sysadmin at a lawfirm in the Chicagoland area, and we've been following these guidelines for a couple years. However, it is quite a hassle, even though we only have 150 employees. We keep tape backups on a rotating 14-day schedule, with End of Month and End of Year retains kept indefinitely - offsite in a fireproof safe, natch. The amount of storage space we need will soon require us to move from LTO-2 to LTO-4 format and buy an even larger safe.

Most companies may not need to follow these guidelines, but in the legal industry we're literally in court all the time, and it's in our best interest to do so - regardless of headaches it may cause. :)

Texas Governor deletes email every 7 days (0)

Anonymous Coward | more than 6 years ago | (#21741454)

And the white house does everything they possibly can to hide email.

Your US government at work.

As covered on NPR [npr.org]

Just in case (1)

phorest (877315) | more than 6 years ago | (#21741560)

Keep any documentation that can potentially help you, delete the stuff that you know could hurt you.

GNOAA (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21741728)

DEPARTURES OF represents #The

pretty obviously unenforceable (2, Insightful)

HelloKitty (71619) | more than 6 years ago | (#21742556)


it's a bullshit law. so there's no reason to follow it.
there's always denyability (i.e. we don't allow IM, so there is no record of it, because it doesn't exist)...
there's also the "don't incriminate yourself" thing (right to remain silent).

while we're at it, maybe I should record all conversations I have too. just in case some one want to see wat I've been saying.
and my brain waves. just in case some lawyer needs to see if I was thinking impure thoughts over the last year.

like i said. stupid law.

Re:pretty obviously unenforceable (1)

Simple-Simmian (710342) | more than 6 years ago | (#21744620)

Hear hear, you mirror my sentiments exactly. This the the kind of crap Lawyers love. This Judge can stuff it.

Great 5 Gazillion Terabytes of SPAM to store (0)

Anonymous Coward | more than 6 years ago | (#21742622)

I don't know about everyone else, but I get 50 to 100 Spams for every legitimate e-mail. I do know that a lot of other folks here get similar quantities.

This is Shocking! (1)

twmcneil (942300) | more than 6 years ago | (#21743344)

I guess I had better write up a request for some kind of email archiving system, but where oh where to find such a system?

I know, I'll check with the company (MessageOne) that financed this "research".
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...