In response to defending periodic litigation in the early 2000s, a company implemented an information governance policy that emphasized the retention of nearly all electronic data and documents. At the time, the volume of data was not excessive, and the cost of retention was comparatively minimal. Over time, however, the company and the volume of data has grown. Storage costs have ballooned, and the company leaders have decided to reconsider their "packrat" strategy. In-house counsel has warned, however, that routinely deleting data may mean that something relevant to litigation will be lost, and the company may have to defend its practices against a spoliation claim. The company therefore wants to ensure that any new policy is defensible.
The Risks and Costs of Retaining All Electronic Data
Spoliation—the destruction, alteration or mutilation of evidence—is a common fear in litigation, particularly for large corporate defendants. In the past, conventional wisdom held that storage was cheap, and so it was prudent to save everything rather than risk deleting something that might later prove relevant in a lawsuit. However, as the volume of electronic data has exploded, many organizations have realized that developing and implementing a reasonable and defensible records retention program that provides for the regular deletion or expiration of electronic data is often cheaper and less risky than holding on to every scrap of electronic data.
- First, in reality, no organization actually saves everything. When data is lost in violation of a policy or practice that says everything must be preserved, it can be more difficult to defend against a spoliation claim.
- Second, storage costs are often not cheap. Storage hardware might not be particularly expensive on its own, but all of the associated information technology infrastructure can be extremely costly.
- Third, discovery costs can account for 75 percent or more of litigation expenses, and those costs can skyrocket as data volumes increase.
- Fourth, the percentage of an organization's data that is needed for business, legal or regulatory purposes is often relatively small in comparison to the total amount of data being retained. As the volume of data retained increases, so can the difficulty of finding what's truly important. That can impact not only litigation expenses but also the ability of the business to function efficiently.
Developing a Defensible Disposition Policy
The 2015 amendments to the Federal Rules of Civil Procedure substantially revised the rules in federal court relating to spoliation of electronically stored information ("ESI"). Most significantly, the revised Rule 37(e) allows courts to impose sanctions for the failure to preserve ESI only if the party "failed to take reasonable steps" to preserve the information. (Fed. R. Civ. P. 37(e).)
Developing and implementing a reasonable policy for handling ESI—including deleting it when appropriate—can help defend against a spoliation claim. Courts have yet to develop clear standards for what constitutes "reasonable steps" or what a reasonable policy might look like. However, the Sedona Conference—a leading e-discovery research and analysis group—recently issued draft Principles and Commentary on Defensible Disposition to help organizations devise appropriate data disposition policies.
The Sedona Conference proposed three guiding principles that organizations can use to develop their policies:
- Absent a legal retention or preservation obligation, organizations may dispose of their information;
- When designing and implementing an information disposition program, organizations should identify and manage the risks of over-retention; and
- Disposition should be based on information governance policies that reflect and harmonize with an organization's information, technological capabilities and objectives.
The first principle reflects the basic—and often forgotten—fact that there is no underlying legal requirement to preserve all data. Preservation obligations arise when litigation or an investigation is pending or reasonably anticipated or as required by statute or regulation. Absent one of those circumstances, organizations are free to let their business needs guide their document retention and destruction practices. While routine disposition practices often must be suspended in the face of internal or governmental investigations or litigation, those practices need not be focused in the first instance on the fear of a spoliation claim.
The second principle recognizes that there are risks to over-retention. Not only are organizations not required to preserve everything, but doing so may be affirmatively detrimental both to the operations of the business and to the successful and efficient conduct of litigation. Organizations should consider the risks of over-retention when developing their disposition policies.
The third principle acknowledges that appropriate disposition policies will vary between organizations. Policies must take account of the types of data at issue, the subject matter of the data (including regulatory requirements ), the technical capacities of the organization and the organization's own goals in retaining data. This requires organizations to undertake an internal assessment of what information they have, what they are capable of doing with it and, most importantly, why it might be valuable to keep that information. This will often be an ongoing process. As organizations evolve, the types of data they hold, their technical capabilities and their goals change. An organization's disposition policy should, therefore, be periodically reviewed to make sure that it is keeping up with the realities of the organization.
Benefits of Having a Defensible Disposition Policy
Organizations that take the time to develop and implement a disposition policy focused primarily on the realities of their business, while taking account of any applicable legal and regulatory requirements, are more likely to be successful in defending a claim of spoliation. Furthermore, discovery costs can be significantly reduced because of the decreased volume of materials that need to be collected, searched and reviewed.
Perhaps more importantly, significant business advantages may be gained: Not only will the organization spend less money retaining data unnecessarily, but the data that it does retain is more likely to be useful to the business and easier to find when needed.
Visit us at mayerbrown.com
Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.
© Copyright 2018. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.