At Symantec, we assist our customers with managing their abundance of electronically stored information (ESI). But recently, I read an article that should make our current customers and future customers carefully consider their ESI deletion policies. In the article, “Terminating Sanction for Destroying Files to Avoid Suit Raises Concern for Document Retention Practices” by David Cross and Rachel Talbot, a summary judgment was given against the defendant due to their apparent “good faith” ESI deletion practice. Let’s just consider that last statement, a defendant lost because of their apparent “good faith” ESI deletion. Here is what the defendant claimed:
“…he had purchased tens of thousands of dollars in discs from the plaintiffs during his years as a karaoke jockey and that he was unaware of the ‘‘industry standard’’ prohibiting karaoke jockeys from making more than one digital copy of legally purchased tracks.
The defendant claimed that when he heard that the plaintiffs were suing other karaoke jockeys for making illegal copies of tracks, he wiped his hard drives clean—before the lawsuit was filed against him—in order to comply with the industry standard and avoid being sued.
Specifically, the defendant admitted ‘‘he deleted all of the files off of his drives that were not in compliance using special software to make file recovery difficult, if not impossible.’’ He ‘‘acted further to destroy the computers by rebuilding, repurposing them or discarding them as defective.’” He then purchased another computer with the trademarks at issue removed.
The defendant nevertheless argued that he acted in good faith because he merely was trying to comply with the ‘‘industry standard’’ once he learned about it, and to avoid being sued by the plaintiffs.”
Wow, on the surface, the defendant realized that he was not within industry-standards so the defendant deletes all the information off of their hard drive so as to meet the industry standards. Unfortunately (for the defendant), the court did not see it in the same manner as the defendant. Basically, a defensible deletion policy does not include an ad hoc ability to begin deletion when “…he heard that the plaintiffs were suing other karaoke jockeys for making illegal copies of tracks, he wiped his hard drives clean—before the lawsuit was filed against him…” So the opposite of that thought would be that the defendant would not have deleted the files if he did not think he would be in lawsuit.
For many of our customers, defensible deletion should be of a paramount importance. A defensible deletion policy can mitigate risk due to over-exposure (retention) of ESI while maintaining compliance to various governmental regulations (especially in regards to a “smoking gun”), reduce the effort and cost of discovery (in regards the effort in dealing with ONLY potentially relevant data), and reduce the storage footprint of their ESI which would reduce the administration overhead and costs.
Enterprise Vault.cloud has the ability to set:
- A global (corporate) retention policy
- Group-based retention policy synchronized to Active Directory groups
- Place message level retention tags
- Place legal holds on entire mailboxes or on messages only
This ability can assist any organization with their ESI retention policy along with an automated manner of expiring data by the appropriate time period.
Remember, it is not wrong to remove ESI data from your organization. It is simply the method of removing data (in regards to bad faith) that can lead to sanctions, judgments against your customers, and may even be viewed as an illegal act.
To read the online article titled “Terminating Sanction for Destroying Files to Avoid Suit Raises Concern for Document Retention Practices”, go to:
If you need assistance with Enterprise Vault.cloud or any other archiving and eDiscovery products, feel free to reach out to your Symantec sales representative. We are happy to assist you with your archiving and eDiscovery needs.