Having a policy to govern electronically stored information (ESI) is no longer optional for most businesses. Nowadays, they face regular litigation matters that require having proper information at the ready—on the flip side, they must also ensure information is properly discarded in a timely matter.
Both aspects—information retention and destruction—can have significant consequences if the company does not have a policy in place or does not follow its own rules.
The struggle for most companies is the sheer volume of ESI. Almost 800 megabytes of recorded information is produced by each person annually, and 92% of that is on computers and electronic storage media. (Just so you can visualize it: About 30 feet of books would be needed to store that much information on paper.)
Why is there so much information chaos? Much of it is replicated, so much is being shared electronically and most people are simply afraid to delete it. Without a policy to manage how it is organized, shared and destroyed, it kind of just hangs around…clogging up servers and hard drives—and putting your company at a huge risk.
What are the Rules When it comes to ESI?
The Federal Rules of Civil Procedure (FRCP) govern electronically stored information (ESI), so when a litigation matter arises, expect to turn to this regulation for guidance.
Some of the basic rules governing ESI include:
- Initial Discussion: Rule 26(f) of the FRCP requires parties to meet early during the litigation process to discuss discoverable ESI, how ESI is stored and how data will be accessible. This is when having an ESI policy, along with an attorney who understands it, is key. You can specify applicable parts of your policy and furnish information as needed; ideally, your attorney knows your ESI policy so well that he or she can handle it.
- Privileged Information: When it comes to privileged and confidential information, an inadvertent disclosure of it during discovery could make it discoverable—this is when it can be used against you. If you had an email message that wasn’t deleted when it should have been, for example, that could be admissible in court when it otherwise would have never played a part.
- Reasonable Accessibility: If information is not reasonably accessible or brings up an undue burden or cost, parties can avoid ESI discovery. Information in readily usable formats is considered reasonably accessible; so data on disks, hard drivers and servers applies. Electronic information that has to be converted or recovered in order to use does not apply. Businesses that convert paper documents into PDF and TIFF formats can better handle litigation because they can be easily indexed and searched for.
- Safe Harbor: Before, I mentioned that a party can be at risk for wrongfully retaining information—but they can also be at risk if they don’t produce information that was unjustly destroyed. This is called spoliation, and courts have imposed sanctions for this. It does not bear well for the overall corporate image or brand, not to mention the specific litigation at hand. Rule 37(f) states that a court cannot impose sanctions when a party destroys ESI as part of “routine, good faith” operations—if it was destroyed as part of routine procedures, that’s typically all right. Part of having and using an ESI policy means knowing what information needs to be destroyed and when; as well as what data must be retained, and for how long. While there is a safe harbor, it’s better to have a policy in place that you follow so you don’t waste time determining what you can get away with, so to say.
This gives you an idea about what the rules are for ESI. My job is to understand these rules, but mostly to help companies implement ESI policies. In doing so, you cultivate transparency while complying with regulations. That way, if litigation does come up, you’re ready to quickly and swiftly respond.
What aspects of the FRCP are included in your ESI policy?