The news is full of stories of suspicion and liability due to missing electronic files: Missing e-mails from Karl Rove; deleted e-mails from Arthur Anderson; $29.2 million awarded in a discrimination case after jury was instructed to “infer that [missing e-mails] would have been unfavorable.”
As a result of recent changes to the federal court rules, lawyers recommend that all companies have a written electronic document retention policy. At some point, most businesses can expect to be asked to produce electronic documents. Failure to do so can result in sanctions or an instruction to the jury against the company. Under the new rules, all parties must disclose their electronic documents or information about those documents – including where they are kept – early in a case.
The new rules contain a safe harbor if electronic information was “lost as a result of the routine, good-faith operation of an electronic information system.” A company is protected from adverse instructions, or even a presumption of wrongdoing, if documents were destroyed in accordance with a written policy. Because of this, all companies should have a policy regarding the retention and destruction of electronic information, including e-mails.
Even companies not guilty of wrongdoing need to be concerned about favorable evidence that could be lost or selectively disclosed. The company that deletes its e-mail or other files too quickly may leave itself without the proof necessary to fend off a suit. An employee suing about harassment, for example, can be expected to copy incriminating e-mails, like sexual jokes from a co-worker, but not exculpatory e-mails, such as the employee’s response of “LOL” (“laughing out loud”) or suggestive e-mails he or she initiated. Without an accurate e-mail record, if an employee claims to have been harassed by e-mail or to have reported harassment by e-mail and the company would not have the means to disprove the claim.
To avoid presumption, an electronic document retention policy must require keeping all relevant records until the possible statute of limitations has expired. But that time frame depends upon the content of the documents. A meaningful policy must provide a means of sorting the documents, a filter that will screen for any sensitive electronic files, including e-mails, files and retain the relevant ones. The policy must cover all electronic devices, including PDAs, laptop computers, and even home computers, if company business is conducted on them. The policy needs to be crafted with the assistance of counsel and IT experts. Then, it must be faithfully implemented, including systematic auditing to ensure compliance. Failure to do so could leave a company in the worst of all positions, without the evidence it needs to defend itself and yet, subject to an adverse inference for failing to retain required records.
A good company need not fear its electronic records. Rather, it needs to plan what records to keep, how and where to keep them, and how the records can be accessed if litigation does arise.