The company has created a new product. It has passed all clinical trials. All regulatory hurdles have been cleared. It is perfect. It is going to change the world. It goes to the market… And now someone is suing.
In today’s litigious climate, it should come as no surprise that someone will find fault with your product, regardless of whether the complaint is legitimate. To paraphrase Benjamin Franklin: “Nothing can be said to be certain, except death, taxes, and litigation.” Trust us when we say that the day you receive that first Request for Production of Documents is not the first day you want to ponder your organization’s information governance policies.
The Sedona Conference has recommended that all organizations “should consider implementing an Information Governance program to make coordinated, proactive decisions about information for the benefit of the overall organization that addresses information-related requirements and manage risks while optimizing value.” [1]
Maintaining information is critical for organizations; however, retaining extensive volumes of unnecessary information can quickly become unwieldy, expensive, and potentially a liability risk.
The Silo
Most organizations approach record keeping much like a farmer does his crops: dump it in the silo to be collected or discarded as needed. While an excellent option for grain, each kernel being more or less the same, organizational records carry varying degrees of value, privacy, risk and security. Moreover, when individual business units within the organization make their own decisions about record retention without any organization-wide guidance, the result is often unneeded expense through duplication of effort and technology and/or inefficient sharing of information.
Information Governance
Broadly speaking, Information Governance helps ensure that decisions regarding record retention and storage made by individual business units will serve the entire organization. Further, establishing an Information Governance structure can provide more efficient access to crucial information, more reliable processes for eDiscovery, greater preparedness for change in law or technology, more effective risk management, and reduced costs. In the example above, a sound Information Governance structure allows the organization to quickly locate, identify, and collect records and documents that will be crucial to its case.
In structuring Information Governance, any program should consider principles of transparency, efficiency, integrity, compliance, and accountability.[2] This means that the Information Governance Program should be documented and available to all personnel (transparent); allow for easy data classification, retrieval, and disposition of documents no longer needed (efficient); managed in such a way as to ensure authenticity and reliability (integrity); developed so that it complies with all applicable laws and regulations (compliance); and overseen by someone with sufficient seniority to ensure that the organization enacts policies and can be audited (accountability).
While the Information Governance program should be independent of any single business unit, it should obtain input from all business units so that the program will represent the needs and interests of the organization as a whole. Key stakeholders, such as IT, legal, and other business units, should develop program objectives that coordinate and reconcile existing record management and data security with legal requirements and business needs.[3]
Lack of coordination, especially in cases of litigation holds, can result in unfavorable court rulings and fines, as occurred with Google in the Google Play Store Antitrust MDL. Google’s Information Governance rules ordinarily direct the deletion of employee Google Chat messages after 24 hours. Despite a litigation hold entered in September 2020, Google permitted the auto-deletion to continue and left it to the employees to determine whether a chat should be preserved. Finding that Google did not take reasonable steps to preserve electronically stored information (ESI) that should have been preserved under the Rules of Federal Procedure, the Northern District of California ordered Google to pay monetary sanctions. In re Google Play Store Antitrust Litigation, 664 F. Supp.3d 981 (N.D. Cal. 2003).
Document Lifecycle
One of the most important tasks of an Information Governance program is to establish guidance on the “effective, timely, and consistent disposal of physical and electronic information that no longer needs to be retained.”[4] Rules, regulations, and contractual obligations may influence stakeholders’ priorities.
In the absence of any legal retention or preservation obligations (i.e., legal requirement or existence of anticipated/pending litigation), organizations are at liberty to dispose of information in the ordinary course of business. As the U.S. Supreme Court in Arthur Andersen LLP v. United States, 544 U.S. 696, 708 (2005): “[a] ‘knowingly corrupt persuader’ cannot be someone who persuades others to shred documents under a document retention policy when he does not have in contemplation any particular official proceeding in which those documents might be material.” Similarly, the Advisory Committee Notes to the 2015 amendment to Rule 37(e) of the federal Rules of Civil Procedure, which outlines potential sanctions for failure to preserve ESI, clearly state that the duty to preserve ESI is only triggered when litigation is filed or reasonably anticipated; information lost before that duty arises is not subject to the rule. That said, selective retention of beneficial documents combined with selective destruction of harmful documents before any litigation has occurred may suggest to a court that litigation was anticipated.[5]
A close examination of existing policies on document retention can streamline eDiscovery by eliminating unnecessary information and creating an organized structure to locate and obtain data across the organization efficiently, reducing the risk of a data breach by enacting effective security and data storage practices, and achieve cost-savings by decreasing the volume of data that must be stored. Information not governed by any legal obligations should be disposed of when the benefit of its retention is outweighed by the cost of its continued storage and the risks associated with its retention.
In closing, any organization seeking to compete in the current market and survive the myriad legal and regulatory hurdles must implement an Information Governance program with a clear set of guidelines ordering the disposition of documents and information from the time they enter the custody or control of the organization to the time they are properly disposed. While the destruction of documents or ESI related to an impending or existing litigation will likely earn the ire of a court, retention of ESI when no legal obligation exists will result in expensive data storage bills and potential litigation in the event of a data breach. A balance must be struck between storing and archiving information that still has value while disposing of information that has no further use.
[1] The Sedona Conference, Commentary on Information Governance, Second Edition, 20 Sedona Conf. J. 95, 102 (2019).
[2] Id. at 120.
[3] Id. at 122-23.
[4] The Sedona Conference, Commentary on Defensible Disposition, Second Edition, 20 Sedona Conf. J. 179, 185 (2019).
[5] Id. at 191.
Finis