Departing Employees and the Importance of Saving Their ESI

This is one of my posts up on TMA that I thought would be interesting to revisit due to the high unemployment rates we've been seeing. It seems like there are probably a lot of job losses out there (10% is a lot of unemployed) and companies should be prepared in processing employee data correctly. The consequences of not doing so can be stiff indeed. Read below for more:

Virginia Henschel of Lexis Nexis wrote an interesting piece on the perverse logic of the New Hampshire Attorney General’s Office ESI (non)retention policy.  She is right that government agencies can’t just delete their departed employees’ ESI.  Private corporations can’t hide their heads in the sand either.

Although there are too many examples of sanctions for failing to preserve departed employees’ ESI for just one blog post, I must point out that in May, FINRA fined Piper Jaffray $700,000 for email retention failures and disclosure violations. And this wasn’t Piper Jaffray’s first time through the wringer. Back in December of 2002, leading investment houses including Goldman Sachs, Morgan Stanley, Deutsche Bank, and Piper Jaffray failed to preserve e-mail and were fined a total of $8.25M . As FINRA reports on Piper Jaffray (emphasis mine):

FINRA discovered Piper Jaffray’s continuing email retention deficiencies when its investigators requested all emails sent or received by a former firm employee suspected of misconduct…When reviewing the CD-ROM’s contents, however, FINRA discovered that one particular email was not producedthat investigators had already obtained in hard copy form…Only after further inquiries about that missing email did the firm finally inform FINRA of the intermittent email retention and retrieval issues it had been experiencing firmwide…

It is clear that retaining departed employees’ ESI is an essential component of any good enterprise-wide records management, compliance and eDiscovery system. Employees leaving the company present a formidable compliance challenge for companies and government agencies.  Many companies mistakenly rely on their IT departments to save the hard-drives of the departing employees as well as the departing employee’s mailbox and network drive ESI.  Not only does this waste corporate resources (do you really need all that data?  for how long?), it is also creates increased legal and compliance risk.

I believe that a robust file and e-mail archiving system is needed to ensure 100% capture and storage of this type of ESI.  This system must be customizable so that an organization can consider legal and economic factors to ensure that information is retained as long as necessary, but no longer. Just because ESI can be deleted at the click of a button does not mean you aren’t responsible for it. Many will learn this lesson the hard way, while the ones who are prepared will save significant time and money.

Harkabi v. SanDisk

In an interesting motion released last week in Harkabi v. SanDisk, Judge William H. Pauley has done a pretty good job outlining the considerations of balancing e-Discovery cost and thoroughness.

In essence, during the case SanDisk chose to play dumb (or lazy) and did not produce all relevant evidence, despite admitting that they had some specific pieces, resulting in their negligence. As Pauley quotes, "A failure to conform to this standard is negligence even if it results from a pure heart and an empty head."
 

Yet, interestingly, the judge gives little leeway to SanDisk because it is a technology firm. "Its size and cutting-edge technology raises an expectation of competence in maintaining its own electronic records. The concatenation of omissions and missteps at SanDisk reveal a lack of attention to detail that has worked a hardship on the Plaintiffs and delayed this litigation."
 

Because SanDisk could not locate certain files or images from the hard drives of the custodians (in this case, the plaintiff's own hard drives), they were found to be "At minimum, [they] SanDisk was negligent...The undisputed facts reveal a cascade of errors, each relatively minor, which aggregated to a significant discovery failure."
 

I'm sure it is this kind of embarassing failure which legal teams must look to avoid (in addition to the sanctions, a mere $150,000 in this case).

Dead End: Hold On! Theres a hole in your case...

Over at Practical e-Discovery, they point to the recent ruling in Siani v. State Univ. of New York, 2010 as being critical in the e-Discovery space. To understand why, let us start at crux of the problem: when do organizations have a duty to preserve data?

Is it forever? Or when there is reasonable suspicion of an upcoming case? Does the pre-suit duty to preserve begin by just a letter by a putative plaintiff which even contemplates a suit? Or perhaps when the suit hits? Without a definitive landmark, it is impossible for organizations and legal teams to plan for litigation. And in a world which runs on dependable schedules and efficiency, that means costly and protracted reaction. 

Siani relies upon the the work-product doctrine, which encompasses documents that are prepared “in anticipation of litigation.” As Practical e-Discovery mentions, Siani v. State Univ. of New York reached the reasonable conclusion, 'that if litigation was reasonably foreseeable for one purpose, “it was reasonably foreseeable for all purposes."' Which means that the duty to preserve begins with the creation of any work-product.

The work-product doctrine slices both ways, since by invoking it for protection means that to the organization, litigation was reasonably anticipated and the duty to preserve had been triggered at that point. Again, this translates into the fact that the beginning of the work-product immunity should be the beginning of related electronically stored information (ESI) on legal hold.

In effect, companies must enact legal hold the moment in which documents are prepared in anticipation of litigation. There is no way to do so without a proactive archiving and e-Discovery tool already in place, because otherwise there would be reliance on the custodian (potentially those involved) to retain their own (potentially incriminating) documents. And as we have seen in Adams v. Dell, there continues to be a large question in custodian-trusted legal hold.

As more and more of these cases evolve, organizations must focus on proactive e-Discovery.