Seeing this post reminds me of something I’ve noticed lately…. that when it comes to dealing with something mandated by the Government, I’m having to go back to the underlying documents to make my own interpretation of what is really needed for my organization.
Kai talks about the issues but let me bring them up a bit more forcefully…. while these rules DO indeed affect every business, the impact is when you are involved in a federal court case.
….and the last time you and I was involved in such a court case was…..?
….yup… you got it. As long as in the normal course of your business you routinely make backups over the top of the same data, routinely delete emails, routinely… etc etc….. there are no issues whatsoever and no changes you need to make. ONCE you are involved in a federal court case, that’s when you need to reevaluate your process. But for now, it’s business as usual.
My favorite quote was this one… “Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing “virtual shredding†once a lawsuit has been filed,†said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation.”
This is probably the best rebuttal to that statement I’ve seen: http://www.localtechwire.com/article.cfm?u=15705
“On the other hand, absent exceptional circumstances, there are no sanctions available for the loss of ESI as the result of the “routine, good-faith operation of an electronic information system.â€
This exception focuses on the fact that part of normal computer operations are the alteration and deletion of information. The Notes indicated that many steps essential to computer operations may alter or destroy information for reasons wholly unrelated to the litigation. It is recognized that the routine operation includes alteration and overwriting of information, often without the operator’s specific instructions—meaning that there is no direct counterpart in hard-copy documents.
Examples of routine practices that could be considered to come within the scope of the rule are: (1) programs the recycle storage media kept for brief periods against the possibility of disaster that broadly affects computer operations; (2) programs that change metadata to reflect the latest access to electronically stored information; (3) programs that automatically discard information that has not been accessed within a defined period; and (4) database programs that automatically manipulate information without user input.”
Bottom line.. get the facts.. and don’t panic
http://www.law.cornell.edu/rules/frcp/
http://cyber.law.harvard.edu/digitaldiscovery/digdisc_library_4.html
Link to The new email retention rules – getting to the bottom of the facts
This is a good resource on the legal aspects of “computer maintenance” that explores the shared areas between email retention and routine computer maintenance. Both quotes are correct in their own context and highlight the subtlety of discovery rules. The problem is not with the initial request for electronically stored information(ESI) but if the judge agrees that a second broader request is necessary. This request is typically broader in scope and may involve obsolete hardware and software. The link from localtechwire is the best resource of the three links because if explains how the discovery rules are typically interpreted by judges. I stored an Acrobat version of the localwire article for my reading file.