e-commerce LAW & STRATEGY - Heymann & Partner, Rechtsanwälte
e-commerce LAW & STRATEGY - Heymann & Partner, Rechtsanwälte
e-commerce LAW & STRATEGY - Heymann & Partner, Rechtsanwälte
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
‘Hotmail’<br />
continued from page 3<br />
to e-mail me at any time. No security<br />
issues like my WH (White House) email.”<br />
Would your IT department tolerate<br />
that attitude from a staffer<br />
unhappy with the rules of your<br />
record-retention program or acceptable-use<br />
policy? Certainly not, since<br />
the reaction of opposing discovery<br />
counsel, or a court, might mirror that<br />
of the legislators who investigated<br />
the RNC, such as Rep. Henry<br />
Waxman (D-CA), who bluntly (but<br />
accurately) described the behavior of<br />
the White House staffers as “using<br />
the nongovernmental accounts<br />
specifically to avoid creating a record<br />
of the communications.” He also<br />
cited an instance in which a lobbyist<br />
had warned against using the “official”<br />
White House e-mail system,<br />
because “to put this stuff in writing in<br />
their e-mail system ... might actually<br />
limit what they can do to help us.” A<br />
Clinton-era staffer with similar clarity<br />
labeled this behavior as “operating<br />
official business off the official systems”<br />
— the very risk run by private<br />
firms that allow use of personal email<br />
accounts for business. From a<br />
practical perspective, you would be<br />
lucky if an opposing counsel finding<br />
any of these land mines in discovery<br />
gave you a chance to call your carrier<br />
to discuss settlement before seeking<br />
sanctions from the court.<br />
HOW ‘CONVENIENCE’<br />
CAN CAUSE PROBLEMS<br />
In an era when firms adopt carefully<br />
drafted record-retention policies,<br />
and e-mail and Internet-usage,<br />
policies to protect the firm against<br />
improper use of those resources by a<br />
rogue employee, allowing your<br />
firm’s staffers and executives alike to<br />
bypass those protections, like the<br />
White House officials, would make it<br />
hard to persuade a court to grant<br />
your firm the benefits of those policies.<br />
After all, the White House and<br />
RNC had to cope only with the<br />
requirements of the 1978 Presidential<br />
Records Act, which requires that sufficient<br />
records be kept “to assure that<br />
the activities, deliberations, decisions,<br />
and policies that reflect the<br />
performance of (the President’s) con-<br />
4<br />
stitutional, statutory, or other official<br />
or ceremonial duties are adequately<br />
documented and that such records<br />
are maintained” (www.archives.gov/<br />
about/laws/presidential-records.<br />
html).<br />
Private businesses, in contrast,<br />
must adhere to the stringent<br />
demands of Sarbanes Oxley and<br />
other regulatory acts — not to mention<br />
the after-the-fact scrutiny of the<br />
class-action plaintiffs’ bar.<br />
In particular, the recently adopted<br />
amendments to the Federal Rules of<br />
Civil Procedure (“FRCP”) impose<br />
strict standards for the storage and<br />
destruction of e-mail, and duties to<br />
produce it in litigation. With all of<br />
this alternative e-mail, it is fortunate,<br />
on the one hand, that the rules do<br />
not impose a duty to locate every<br />
possible electronic record, such as a<br />
critical e-mail that is not on the firm’s<br />
own system. “A party need not provide<br />
discovery of electronically<br />
stored information from sources that<br />
the party identifies as not reasonably<br />
accessible because of undue burden<br />
or cost.” On the other hand, however,<br />
the rules’ protection for those<br />
unable to produce relevant information,<br />
particularly that which has been<br />
destroyed or which is not maintained,<br />
do not provide a defense for<br />
casual failure to maintain records.<br />
“Absent exceptional circumstances, a<br />
court may not impose sanctions<br />
under these rules on a party for failing<br />
to provide electronically stored<br />
information lost as a result of the<br />
routine, good-faith operation of an<br />
electronic information system.”<br />
(Emphasis added.) If a firm knowingly<br />
permits those generating potential<br />
evidence — that is, everyone in<br />
the business who uses e-mail — to<br />
avoid the firm’s own systems for<br />
assembling that evidence, whether<br />
intentionally or not, then those<br />
defenses might be unavailable. The<br />
oversight might have been what<br />
many people responding to inquiries<br />
about the oversight would call “routine,”<br />
but almost certainly not “good<br />
faith operation.” No one wants to fall<br />
into such a fact-specific question as<br />
to whether the cost of not requiring<br />
every employee to adhere to a<br />
record-retention policy requiring use<br />
e-Commerce Law & Strategy ❖ www.ljnonline.com/alm?ecomm<br />
of the company’s own e-mail system<br />
was an “undue burden.”<br />
In fact, beyond the impact of the<br />
new rules, consider the practical burdens<br />
on an IT department facing a<br />
discovery demand, if use of the firm’s<br />
information-management software,<br />
systems and procedures is “optional”<br />
for those who prefer not to deal with<br />
it, and instead choose to use a<br />
personal e-mail address outside<br />
the system for their business correspondence.<br />
As mentioned above,<br />
responding to discovery requests<br />
might require assembling information<br />
from outside providers, either<br />
voluntarily (such as by requiring the<br />
employee to back up everything<br />
from the outside system into the document-management<br />
system), or by<br />
subpoena to a third party (at an<br />
unnecessary expense). Busy employees<br />
might not even keep copies of<br />
recent e-mail, much less of older correspondence.<br />
Implementation of a<br />
retention policy cannot be handled<br />
on a single server, as the IT staff may<br />
prefer, but will require them, at a<br />
minimum, to clean manually the<br />
memory of each affected user’s computer<br />
to eliminate records of saved<br />
mail. Of course, that work won’t<br />
purge anything from the service<br />
provider’s own servers and stored email<br />
— all of which an adverse party<br />
can obtain with relative ease — or<br />
from employees’ home computers or<br />
laptops that haven’t been synchronized<br />
with the system.<br />
THINGS CAN GO<br />
BUMP IN THE NIGHT<br />
IT management also becomes a<br />
nightmare. Monitoring employees’<br />
communications for objectionable<br />
content or activity, or for unauthorized<br />
transmission of proprietary<br />
information, becomes something like<br />
trying to catch raindrops with a sieve.<br />
Restoring data after a disaster, or<br />
locating the work of an employee<br />
who maybe left the firm before data<br />
was needed for litigation, becomes<br />
problematic. Data restoration assumes<br />
that the IT department can reconstruct<br />
all of the third party e-mail<br />
sources that the departed staffer<br />
used (whether or not the former<br />
employee shared that information,<br />
continued on page 5<br />
June 2007