1 Best Practice For Retention Table of Contents Objective 2 Key Considerations 3 Retention Overview 5 The Law 6 Preservation and Searchability 8 Different Retention Approaches 9 Creating and Evangelising an Retention Policy 11 Implementation and Flexibility 12 Appendix A: Sample Retention Policy 14 Appendix B: Important E-Discovery Lessons to Learn 17 About The Laundry 20
2 Objective Developing a workable retention policy is vitally important for most organisations, as it helps define what messages need to be kept and for how long. But how do you ensure that you retain only what you need and nothing more? retention is especially tricky for a number of reasons. Volumes: The volume of created is staggering. Consider these facts: more than 99 percent of all documents are created and stored electronically, and somewhere around 60 billion s are being created and sent each day, according to analyst firm IDC. Because is easier to store, more of it is being retained and archived on backup tapes, servers, desktops, laptops, mobile devices and within archiving solutions. Informality: There is still a casual informality associated with . While some threads are not business records, many others are. And, unfortunately, sometimes it is challenging to tell the difference. Is the about scheduling lunch related to talking about your weekend or talking about your company s upcoming acquisition? Universality: Unlike some documents that may represent a company s intellectual property, which may only be created and shared by a handful of individuals at a company, is ubiquitous and is used by everyone (not just 5 percent of your employees). The purpose of this paper is to provide some best practices for clients grappling with retention. Throughout the course of our history, and as the leading hosted archiving provider, we have witnessed companies struggling with retention and provided guidance for hundreds of them looking to craft usable and workable retention policies. We have seen organisations deploy a number of different models and frameworks with varying degrees of success. The fundamental question in retention is whether to retain or delete each given message. Exhibit A: The Unfair Tradeoff
3 Customers only want to retain what they need: Inevitably, organisations must weigh the advantages of retaining information (in terms of its use to the business) with the liabilities of storing that information (e.g., storage costs, legal costs and risks that the messages come back to haunt you). This is further complicated by the fact that companies sometimes find messages they were not required to retain to actually be advantageous in arguing their case in an investigation or litigation matter. Just because you ve deleted your company s copy of a message doesn t mean the message no longer exists. Since messages have a FROM and a TO, there are inherently multiple copies of every message, many of which are outside your company s control. So how does a company balance all of these factors? Bottom Line: Though the decision on whether or not to retain data is complicated, if you have the data, it s better to store it all in one place. This way, you can easily and cost effectively search it for discovery and other purposes, versus having it spread across servers, desktops, laptops, mobile devices and backup tapes. Key Considerations Companies are creating and storing electronic information at light speed. As has emerged as a mission-critical business application, both the volume and size of s have grown exponentially, causing storage requirements to increase more than 50 percent per year. According to technology market research firm, The Radicati Group, storage requirements will grow from almost 18 MB per user, per day in 2007, to more than 28 MB per user, per day in This growth rate has had a significant impact on Exchange/ administrators. But when it comes to answering the fundamental question, How long should you keep around? there is no one-size-fits-all policy. Regulatory issues aside, there are some key issues to consider: What should you archive? Some companies choose to archive all for all users, while others choose to archive selected users (e.g., those on legal hold or in regulated roles) or selected messages. Make sure you under stand which regulations apply to your business before determining what to archive. How long should you retain messages? Most companies retain information indefinitely, assuming that even if they deleted their copy, another copy likely exists somewhere. Some companies have a blanket retention period for all data (e.g., 7 years), while others have granular retention policies by user or by message. At the end of the retention period, how do you dispose of data? You have to ensure no data on legal hold is deleted. In addition, you want to make this process as minimally invasive as possible.
4 Your answers to the following questions will help you decide what you need to archive, how long you need to retain these messages and how you dispose of after the retention period has expired: Table A: The Unfair Tradeoff Consideration What to ARCHIVE How to RETAIN How to DISPOSE Key Questions Do you need to archive all users or selected users? Do you need to archive all or selected ? Is there minimal impact to end users? Do you need to retain everything the same way? Can you really delete every copy of messages? Is there minimal impact to end users? Do you need to enforce non-tampering during retention? Do you wish to automatically expire content? Do you need to enforce litigation/legal holds? Unfortunately, there is no general consensus about how long you should retain your (unless you are in a heavily regulated industry, where the retention periods are clearly defined). This should not be surprising. It simply points to the complexity of matching business and legacy policies to the huge, unstructured and informal volume of communications we have today. Regardless of these considerations,in the US, the amendments to the Federal Rules of Civil Procedure, also referred to as FRCP, (see Appendix C) make it clear that what you have in your possession needs to be preserved and discoverable. The FRCP amendments apply to any organisation that has the potential to be involved in litigation in the U.S. Federal Court system. In short, the amendments mandate that companies be prepared for electronic discovery. The same was applied to the Irish Court system in 2009 when order 31 of the Irish Rules to the Superior Courts were amended to include the discoverability of Electronically Stored Information. The Civil Procedure Rules (CPR) in the UK essentially serve the same purpose as the Federal Rules of Civil Procedure (FRCP) in the United States and the issuance of Practice Direction 31B in October 2010 adds teeth to edisclosure requirements much like the amendments to the FRCP in December 2006 added teeth to ediscovery requirements in US Federal Court. Your organisation must know where your data is, how to retrieve it, how to meet data requests and must determine what data is not subject to search. All things considered, the ultimate question is, what system of retention yields the highest ROI and/ or least risk (in terms of the individual business)? Once you ve thought through these issues for your retention, you ll probably need to talk to an expert to make sure you are managing your risk as effectively as possible.
5 Retention: A Balancing Act Unfortunately, many organisations and administrators are facing challenges from all sides when it comes to retention. Despite official policies or limits on your server, if s are retained indefinitely and stored in multiple formats (e.g., desktop, laptop PCs, PSTs/NSFs, thumb drives and/ or backup tapes), it becomes difficult to perform consolidated searches. Moreover, implementing an enforceable legal hold becomes impossible to guarantee, which creates legal risk and exposure. Exhibit B: Retention vs. Searchability Without an archive, the situation for most companies is the worst of all worlds: Retention: Employees decide what to keep and what to delete. Extra copies of data are buried on desktops, laptops, mobile devices and backup tapes. More often than not, the information you were supposed to keep (e.g., on legal hold) isn t available, while the information you could have deleted still exists. Storage: The storage approach without an archive leads to further headaches and costs for IT staff. Bloated stores result in evermore storage purchases. Attempts to restrict mailbox size through quotas just pushes the problem onto the corporate network, where users squirrel away local archives (e.g., PST or NSF files), clogging up storage space and creating recovery headaches. Exploding storage also creates a backup window nightmare for IT. As a crude attempt to enforce legal holds, many IT organisations are forced to retain some or all backup tapes indefinitely, using up valuable tape capacity and IT budget.
6 Discovery: When you want to find information in question for a legal matter or an internal investigation, IT fire drills and costs abound without an archiving solution in place. IT is often forced to devote staff time or third-party budget to backup tape restores, network file share searches and desktop/laptop collection. Inevitably, IT then produces a large preponderance of irrelevant data, increasing downstream data processing and legal review costs. Ultimately, IT is inherently stuck in the middle of the lawyers and the data they seek. By simply implementing an archive, even with indefinite or undetermined retention policies, IT organisations can vastly streamline their operations: - Enforce consistent retention and adherence to legal holds - Reduce storage and backup issues and costs - Shrink discovery costs and simplify the process overall Furthermore, with a hosted archiving model that offers unlimited storage, IT can truly offload the entire long-term storage problem to the hosted provider. To provide a framework for creating a workable retention policy, we have developed a five-phase approach: Phase 1: What is the Law? Phase 2: Preservation and Searchability Phase 3: Different Retention Approach Phase 4: Creating and Evangelising an Retention Policy Phase 5: Implementation and Flexibility Phase 1: What is the Law? Is your company in a heavily regulated industry that has existing data retention requirements? Outside of regulations governing certain industries, the answer is usually a bit nebulous in terms of defining clear retention periods. In the US For SEC- and FINRA-regulated firms, Rule 17a-4 of the Securities and Exchange Act requires retention of s for at least three years, with the first two years stored in an easily accessible place. In the UK the Financial Services Authority (FSA) regulates financial services providers. The FSA's regulations require all financial institutions to store all business s sent and received for up to six years, and some s indefinitely, so that cases can be reviewed. But outside of financial services, there is no universal law for document retention. The only far-reaching requirement is to preserve documents, s and information when a company is on notice of pending litigation (per FRCP(US) CRP(UK)). At this point, a litigation hold must be implemented to retain information the company reasonably believes is discoverable in anticipated litigation. However, retention requirements vary from industry to industry and from case to case. Following is a breakdown of the primary regulatory bodies and/or regulations that apply to retention at a variety of regulated industries and general businesses.
7 US Banking: FDIC, OCC (Office of the Comptroller of the Currency) Telecommunications: FCC Title 47, Part 42 Pharmaceutical: FDA Title 21, Part 11 Healthcare: HIPAA (Health Insurance Portability and Accountability Act) Defense: DOD Standard Brokerage Firms: SEC Rule 17a-3 and 17a-4 Investment Advisors: SEC Rule (Books and Records Retention) General Business Oversight: Sarbanes-Oxley Act (SOX) SOX is the government s response to the Enron debacle. It contains provisions for record retention and audits. It strongly discourages anyone from altering, destroying, hiding or falsifying records in response to a federal investigation or bankruptcy proceeding. Penalties include significant fines and/or imprisonment of up to 20 years. UK Freedom of Information Act 2006 The Data Protection Act 1998 (DPA) applies Court Action under the The Sarbanes-Oxley Act Financial Services Authority (FSA) Employment Tribunals The Data Retention Regulations 2009 Ireland Freedom of Information Act 1998 Amended 2003 Data Protection (Amendment) Act 2003 Statutory Instrument No. 93 of 2009 has made some significant changes to electronic discovery in Ireland. Here is a summary of the effects: - a party may seek electronic data in searchable form from its opponent; - the court may order a party to give inspection and search facilities for electronic data on its computer systems to the other side
8 - where computers contain sensitive non-discoverable data, the court instead may order that an independent expert carry out the inspection and search for relevant electronic data (the party seeking that discovery will have to fund the expert s costs and expenses) - where a party giving discovery finds that searching for the documents or data is excessively costly or burdensome, it may apply to the court to seek to narrow the scope of the discovery order - a party giving discovery must list the documents or data according to agreed categories or in a sequence corresponding with the manner in which the documents or data has been stored or kept in the usual course of business the intention is to make discovery more comprehensible - all parties giving discovery must swear in an affidavit of discovery that they understand their obligation to give discovery of documents and electronic data (within the categories of discovery agreed or ordered by the court) which may help or damage their case in any way. The Sarbanes-Oxley Act for US related companies Employment Tribunals Given such regulations, legal considerations and electronic discovery are quickly becoming the primary drivers for archiving and retention policies. Increasingly, it is becoming imperative to have an retention policy and a means of implementing litigation holds if your company even has a small chance of being sued in civil court (i.e., most organisations). Recent spoliation case law (see Appendix B for lessons gleaned from recent cases) demonstrates the devastating impact of not having these measures in place. Are you saving a complete data set? If challenged or facing litigation proceedings, your data must be complete. Can you retrieve the content of an that is five years old? In addition, can you: Identify clear policies applied to each ? Demonstrate the inability to tamper with or delete and attachments? Ensure that messages involved in litigation or potential litigation are placed on legal hold? Perform and save detailed searches of all company ? If not, where do you start? Phase 2: Preservation & Searchability After understanding which regulations apply to your industry, one of the first phases we typically address with our clients is preservation and the searchability of the archive. Our guidance to clients (regardless of industry) is to start archiving as soon as possible. You can apply retention policies after the fact, but you want to start consolidating your stores into a single, online repository. After your is being securely captured, stored and indexed in the The Laundry archive, you can quickly search the entire contents of archived s and attachments, using a variety of search criteria, including to, from, date, subject, message body, message attachments and other message properties.
9 Please see Exhibit B on page six for some of the challenging tradeoffs between retention and searchability. Reviewers can efficiently navigate through search results, identify highlighted search terms and tag potentially harmful s, so they are easily retrievable for further review. Once you have tagged all s related to a specific case or matter, you can export the results into a case management solution or other application for further review and analysis. Reviewers can create and save customised searches based on your organisation s policies and rerun them as necessary. Reviewers can also setup Policy Alerts to notify them when an meets Saved Search criteria (e.g., contains specific words or phrases). These features ensure that your archive can be searched without causing IT interruptions, searches can be performed by outside service providers or consultants (if necessary) and you avoid the typical cost over-runs associated with advanced searches. One of the biggest advantages of a hosted archiving solution with these types of searching capabilities is the ability to quickly cull large data sets and produce only the most relevant s for in-house attorneys, case management tools and eventually opposing counsel. Given the current cost of e-discovery (typically more than 30 percent of a lawsuit s total cost), the cost savings from efficient data searches can be significant, since the most expensive part of any discovery phase is the attorney time spent reviewing documents and s. Phase 3: Different Retention Approaches At The Laundry, we have seen firsthand how different organisations approach retention with varying levels of success. Following is a snapshot of the most common type of retention policies that we ve seen deployed: Savers: Most companies are concluding that information is going to exist no matter what, and it is better to save it. This way they know that the s are preserved within the archive, they have them for business value and they don t have to deal with the implications of deleting (i.e., from an end user, legal or business case perspective). Thus, they retain data indefinitely. Procrastinators: A large segment of companies have retention policies set, but set deletion dates well into the future. In these cases, many organisations have not yet had to delete s from their archives. Others continually extend the expiration dates when they come due, which effectively nullifies the written policies. Fixed Period: A small group of clients want to keep data for all employees for a fixed period (e.g., three years), except for s placed on litigation holds. Group Level: Some organisations stipulate different retention periods based on specific user groups (e.g., executives). This is often the case with large businesses, where certain groups (e.g., SEC-regulated employees) have specific retention periods mandated by regulations. User Driven: This approach applies a short default retention period for all items, unless a user tags an item as being appropriate for longer retention. Comparing Your Retention Options As discussed, retention is clearly a balancing act, but understanding your options and the pros and cons associated with each option can help you develop your organisation s retention policy. Based on our experience, we have seen the following retention policies put into practice.
10 Table B: Compaing Your Retention Options
11 Note: The Laundry can selectively archive (or exclude from archiving) an individual user s . Users can also self-select retention periods for each , using the tagging feature in The Laundry Personal Archive. In light of these various shortcomings, a growing number of organisations are retaining everything indefinitely and make no systematic attempts to delete s at all. In the end, the most effective retention periods are often the ones that are the simplest and easiest to communicate and implement. Phase 4: Creating and Evangelising an Retention Policy First and foremost, companies should have an retention policy, and it must be actively enforced and audited. Keep It Simple When it comes to crafting your retention policy, it s critical to keep it simple. First, let s review some best practices when creating retention policies. - Simplicity is the key: If you have a 100-page retention policy you created for your paper records management strategy, throw it out. Well, not really. But, you should trim it down to something that your users can understand in the electronic world. - Engaging your end users: If you want your users involved, your retention policy needs to be super simple (i.e., no more than three to five categories and a simple action for categorising). Plus, make sure to explain the rationale for having an retention policy in the first place. - Expect your users to cheat: If you offer multiple retention periods, assume many users will choose the longest. Similarly, if you provide a restrictive policy, assume users will find ways to save data outside of the system (e.g., PST/NSF files or USB hard drives). - Apply common sense: There is no way for a computer to automatically figure out what an message really means. This means either your users have to be involved, or you have to use basic rules (e.g., assign retention periods to specific user groups, etc.). - Multiple copies of the same There is no point deleting data in one place (e.g., archive) and leaving it exposed and discoverable in other places (e.g., in PST files on user desktops). If you are going to delete from the archive, make sure you: (a) are not retaining backup tapes longer than the archive retention period; and (b) disable the creation of local archives (PST/NSF files) from your server. - Importance of legal holds: No matter what retention policy you create, make sure you retain data that is on legal hold. Nothing is more detrimental to your case than spoliation of electronic evidence (i.e., the intentional or negligent withholding, hiding, alteration or destruction of evidence relevant to a legal proceeding). Even if you just anticipate litigation, you are mandated to preserve any message(s) and ensure that you can make those s available to opposing counsel (no matter how hard or expensive it is to search for and retrieve them). Crafting an Effective Retention Policy When crafting your retention policy, make sure to address these important considerations: - Identify clear policies applied to each - Demonstrate the inability to tamper with or delete and attachments - Ensure messages that are involved in litigation or potential litigation are placed on legal hold - Perform and save detailed searches of all company
12 Involving all areas of the company Many companies make the mistake of not involving all areas of the company when creating an retention policy. An retention policy is not just a legal document, it affects employee productivity companywide. It is important that you understand how employees use the system. Do they create their own personal archives? How often do they reference old s? Understanding these things ensures you don t put procedures in place that will adversely affect employee productivity. Enforcing the policy Are you planning to put an automated archiving system in place, or will you rely on manual procedures? You can rely on manual procedures, but you will need to include step-by-step retention instructions that employees can follow and provide employee training to ensure the policy enforcement. In most cases, an automated archiving system ensures policy enforcement and raises employee productivity. Communicating the new policy to all employees Employee communication and training can lower your compliance risk and legal liability. A good retention policy should include the following information: Person or department responsible for the policy Scope/coverage Purpose of the policy Policy statement: This can include a company philosophy statement about the business/ legal/ regulatory reasons for records retention Definitions Responsibilities/Procedures Consequences if the policy is not followed Effective date For a sample retention policy, please see Appendix A. Phase 5: Implementation and Flexibility An retention policy is only as good as its implementation. A policy needs to be rigorously enforced from top management down. Companies must make sure they educate their employees about not only the policy, but also the implications of not following it. The policy must be easy to follow, periodically reviewed and regularly audited. The policy should also address the fact that employees may store and save information in different ways (e.g., save to a PST) and on different hardware (e.g., some s may get saved on BlackBerry devices). In addition, the policy must be flexible enough to be suspended if a litigation hold is necessary. The policy should also address the litigation hold process and how it is implemented, including any policy on backup tapes. By leveraging The Laundry s hosted archiving solutions, you can rest assured that all of your is automatically being preserved in a secure, centralised repository. In other words, our service does not rely on your end users for preservation. You can further rely on The Laundry to follow your designated deletion policies, so the archive reflects your written policies. Finally, with The Laundry s legal hold functionality, you can easily comply with any preservation request.
13 A Closing Note Companies must walk a narrow course between the expensive and risky extremes of management. An retention policy should not just be a piece of paper. It should define a comprehensive process that includes the following steps: Implement an archiving solution to capture and store all s and attachments Develop a simple and enforceable retention policy Communicate your retention policy (and the rationale for your policy) to all stakeholders Provide full-text search capabilities for reviewers and legal stakeholders Preserve regulated data on non-rewritable, non-erasable formats (an important provision of the SEC regulations) Automatically verify the quality, completeness and accuracy of the archiving, retention and deletion processes As technology continues to change, so will the law. Consequently, organisations must be vigilant to ensure that retention policies conform to the rule of law, are clearly communicated to end users and are supported by an archiving solution.
14 Appendix A: Sample Retention Policy 1.0 Purpose The Retention Policy is intended to help employees and administrators determine what information sent or received by should be retained and for how long. (Note: This policy needs to be modified based on your specific retention requirements.) The information covered in these guidelines includes, but is not limited to, information that is either stored or shared via and instant messaging technologies. All employees should familiarise themselves with the retention topic areas that follow this introduction. Important Note: All s and attachments are automatically retained indefinitely by The Laundry unless advised otherwise by the client. Authorised administrators can apply tags to specify retention periods. Using The Laundry Tags: Authorised reviewers/administrators can create and save customised searches based on your organisation s policies, and rerun them as necessary. Approved reviewers can efficiently navigate through the search results and tag potentially relevant s, so they can be deleted from the archive. Reviewers can also setup Policy Alerts based on retention tags to notify them when an meets Saved Search criteria (e.g., contains retention dates). Questions about the proper classification of a specific piece of information should be addressed with your manager. 2.0 Scope This retention policy is secondary to <Company Name> policy on Freedom of Information and Business Recordkeeping. Any that contains information in the scope of the Business Recordkeeping policy should be treated in that manner. All <Company Name> and instant message information are categorised into four main classifications with retention guidelines: Administrative Correspondence (4 years) Fiscal Correspondence (4 years) General Correspondence (1 year) Ephemeral Correspondence (Retain until read, destroy) Note: The Laundry can selectively archive (or exclude from archiving) individual users . Users can also self-select which s they wish to archive if you do not want to archive all messages from all mailboxes. 3.0Policy 3.1Administrative Correspondence <Company Name> Administrative Correspondence includes, but is not limited to, clarification of established company policy, including holidays, time card information, dress code, work place behaviour and any legal issues, such as intellectual property violations. All with the information sensitivity tag Management Only shall be treated as Administrative Correspondence. 3.2 Fiscal Correspondence <Company Name> Fiscal Correspondence is all information related to revenue and expenses for the company. We retain fiscal correspondence for four years, and all s that fall into this category should be tagged accordingly.
15 3.3 General Correspondence <Company Name> General Correspondence covers information that relates to customer interaction and the operational decisions of the business. The individual employee is responsible for retention of General Correspondence. 3.4 Ephemeral Correspondence <Company Name> Ephemeral Correspondence is by far the largest category and includes personal , requests for recommendations or review, related to product development, updates and status reports. These s can be deleted from the desktop/laptop PC, but they will be retained in the archive for one year. 3.5 Instant Messenger Correspondence <Company Name> Instant Messenger General Correspondence may be saved with the logging function of Instant Messenger or copied into a file and saved. Instant Messenger conversations that are Administrative or Fiscal in nature should be appropriately tagged within the archive to reflect a longer retention period. 3.6 Encrypted Communications <Company Name> Encrypted Communications should be stored in a manner consistent with <Company Name> Information Sensitivity Policy, but in general, information should be stored in a decrypted format. 3.7 Recovering Deleted Via Backup Media <Company Name> maintains backup tapes from the server. Once a quarter, a set of tapes is taken out of the rotation and moved offsite. No effort will be made to remove from the offsite backup tapes. Note: All communications sent and received are also automatically captured in The Laundry s hosted archives. 4.0 Enforcement Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. 5.0 Terms and Definitions Approved Electronic Mail Approved Electronic Mail refers to all mail systems supported by the IT Support Team. These include, but are not necessarily limited to, [insert corporate supported mail servers here]. If you have a business need to use other mail servers, contact the appropriate support organisation. Approved Encrypted and Files Techniques include the use of DES and PGP. DES encryption is available via many different public domain packages on all platforms. PGP use within <Company Name> is done via a license. Please contact the appropriate support organisation if you require a license. Approved Instant Messenger The [Insert your approved IM client here] IM Client is the only IM that is approved for use on <Company Name> computers. Individual Access Controls Individual Access Controls are methods of electronically protecting files from being accessed by people other than those specifically designated by the owner. On UNIX machines, this is accomplished by careful use of the chmod command (use man chmod to find out more about it). On Macs and PCs, this includes using passwords on screensavers, such as Disklock.
16 Insecure Internet Links Insecure Internet Links are all network links that originate from a locale or travel over lines that are not totally under the control of <Company Name>. Encryption Secure <Company Name> sensitive information in accordance with the Acceptable Encryption Policy. International issues regarding encryption are complex. Follow corporate guidelines on export controls on cryptography, and consult your manager and/or corporate legal services for further guidance. 6.0 Revision History Use this section to record a log of all changes made to this document so there is written history of the changes made and when they were made.
17 Appendix B: Important E-Discovery Lessons to Learn Source: The Concise Guide to E-Discovery, Osterman Research (June 2010) There are a large and growing number of cases and decisions that are relevant to consider in the context of e-discovery that highlight some of the common e-discovery mistakes to avoid, including the following: US Cases You can win a lawsuit and still lose on e-discovery issues Keithley v. Homestore, Inc. Kevin Keithley v. The Home Store.com, Inc., 2008 U.S. Dist. LEXIS (August 12, 2008) Keithley won on summary judgment, but still had to pay $283,000 in fees for failing to preserve and produce required electronic evidence. Using a work computer can eliminate privilege Alamar Ranch v. City of Boise Alamar Ranch, LLC v. City of Boise, 2009 WL (D. Idaho Nov. 2, 2009) This case held that s sent by a non-party to a lawyer are not protected by attorney-client privilege if a company policy exists stating that s sent using company facilities are subject to monitoring. If you withhold s, the sanctions can be significant Qualcomm, Inc. v. Broadcom Corporation No. 05-CV-1958-B (BLM), 2007 WL (S.D. Cal. August 6, 2007) Although Qualcomm initially prevailed in this case, it was discovered after the ruling that thousands of s were withheld during the case; the Court subsequently awarded $8.5 million in attorney s fees and costs against Qualcomm. If all you have is backup tapes, you might still be required to produce data Disability Rights Council of Greater Washington v. Washington Metropolitan Area Transit Authority 2007 U.S. Dist. LEXIS Production of from backup tapes was ordered by the Court at the expense of the producing party. The Court also noted that the Safe Harbor provisions of Rule 37(e) do not apply if data destruction is not suspended after a litigation hold. Omnicare, Inc. v. Mariner Health Care Mgmt. Co WL The court ruled in this case that just because ESI is now contained on backup tapes instead of in active stores does not necessarily render it not reasonably accessible. You might need to produce metadata in addition to electronic documents Ryan v. Gifford Civ. No CC, 2007 WL (Del. Ch., Nov. 30, 2007)
18 The Court ordered the production of documents identified in plaintiffs motion to compel in a format that will permit review of metadata, as plaintiffs have clearly shown a particularised need for the native format of electronic documents with original metadata. Your employees home computers might be subject to e-discovery Orrell v. Motorcarparts of America, Inc WL (W.D.N.C. Dec. 5, 2007) The court ordered the production of a plaintiff s home computer for forensic examination. You might have to produce data, no matter how difficult it is or how much it costs Auto Club Family Insurance Co. v. Ahner 2007 WL (E.D. La. August 29, 2007) Like other courts that have addressed this issue, this court will not automatically assume that an undue burden or expense may arise simply because electronic evidence is involved. FRCP Rules 34 and 45 were amended to provide for routine discovery of electronically stored information from parties and non- parties. In fact, whether production of documents is unduly burdensome or expensive turns primarily on whether it is kept in an accessible or inaccessible format (a distinction that corresponds closely to the expense of production). But in the world of electronic data, thanks to search engines, any data that is retained in a machine readable format is typically accessible. [Emphasis added] Don t intentionally delete data that might be discoverable Ameriwood Ind., Inc. v. Lieberman 2007 WL (E.D. Mo. July 3, 2007) The defendants in this case deleted electronic content and used disk-scrubbing software on a number of hard drives a short time before they were to be provided to a forensic expert in a case involving misappropriation of trade secrets. The court entered a judgment for the plaintiff and ordered the defendant to pay the plaintiff s attorney fees and other costs. Micron Technology, Inc. v. Rambus, Inc. C.A. No SLR (January 9, 2009) Rambus aggressive document deletion policy destroyed documents that the court ruled it had a duty to preserve, resulting in the court s sanction that certain patents were not enforceable against Micron. UK Cases Al Sweady v the Secretary of State for Defence4 The defendant denied having further disclosable documents, but then realised that it had more documents than it could deal with; it was ordered to pay costs of 1 million, had to concede the claim, and was severely criticised. Shoesmith v Haringey, OFSTED and the Secretary of State for Education Civ. No CC, 2007 WL (Del. Ch., Nov. 30, 2007)
19 Office of Fair Trading against BA and Virgin OFT gained access to a corrupted file in mid-trial; they were unable to comply with the court s deadline for disclosure of the file s contents, and withdrew the prosecution. Irish Cases Dome Telecom, Ltd. v. Eircom, Ltd. (2007) IESC 59 The Supreme Court held that in the future and depending on the circumstances, [i]t may be necessary to direct a party to create documents even if such documents do not exist at the time the order is made. This analysis comports with prior Irish and also UK treatment of ESI and the creation of reports on that data in certain circumstances.
20 About The Laundry Established in 2007 as a security technology provider to the IT sector The Laundry quickly became the standard bearer for accurate spam and virus filtering. The company currently holds seven Virus Bulletin awards for accuracy of its service, having come first worldwide in its reputation based filtering in six of the tests. The company expanded its services to include an archiving and e-discovery service for in This was then tied together with an continuity service providing their customers with a very high end resilient service. The service became very popular in the London based Financial services sector where the rules for retention and discoverability are very clear. The Laundry service provided IT companies the means to make their customers compliant with FSA regulations. In 2010 the security as a service package was completed with the establishment of a web security service. In 2011 the company was shortlisted for the ICT excellence award for world class innovation. The Laundry has over 3500 companies using its services. More information is available at
Best Practices Guide for Email Retention July 2010 Prepared By: LiveOffice LLC, 2780 Skypark Drive, Suite 300, Torrance, California 90505 www.liveoffice.com Best Practices Guide for Email Retention (July
Elements of a Good Document Retention Policy Discovery Services WHITE PAPER Document retention especially the retention of electronic data has become a hot topic in the legal industry. In the wake of several
WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 10 Steps to Establishing an Effective Email Retention Policy JANUARY 2009 Eric Lundgren INFORMATION GOVERNANCE Table of Contents Executive Summary SECTION
Forensically Sound Preservation and Processing of Exchange Databases Microsoft Exchange server is the communication hub for most organizations. Crucial email flows through this database continually, day
CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline) David J. Chavolla, Esq. and Gary L. Kemp, Esq. Casner & Edwards, LLP 303 Congress Street Boston, MA 02210 A. Document and Record Retention Preservation
Archiving and The Federal Rules of Civil Procedure: Understanding the Issues An ArcMail Technology Research Paper ArcMail Technology, Inc. 401 Edwards Street, Suite 1620 Shreveport, Louisiana 71101 www.arcmailtech.com
WHITE PAPER: THE INEVITABLE EXTINCTION OF PSTS........................................ The Inevitable Extinction of PSTs Who should read this paper Microsoft Exchange administrators are responsible for
savvisdirect White Papers Email Archiving, Compliance & ediscovery for Legal Professionals Services not available everywhere. CenturyLink may change or cancel services or substitute similar services at
Proactive Data Management for ediscovery Simon Taylor Snr. Director Information Management CommVault Systems Inc. Why ediscovery sucks for IT The US Federal Rules of Civil Procedure Rule 34(a), (b) Definition
Solving.PST Management Problems in Microsoft Exchange Environments An Osterman Research White Paper sponsored by Published April 2007 sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
E-DISCOVERY: BURDENSOME, EXPENSIVE, AND FRAUGHT WITH RISK If your company is involved in civil litigation, the Federal Rules of Civil Procedure regarding preservation and production of electronic documents
White Paper MessageOne, Inc. 11044 Research Blvd. Building C, Fifth Floor Austin, TX 78759 Toll-Free: 888.367.0777 Telephone: 512.652.4500 Fax: 512.652.4504 www.messageone.com Introduction From the executive
Best Practices Series Document Retention and Best Practices 1. Sarbanes Oxley Act provides guidance to businesses Sections 802 and 1102 of SOX make it a crime to alter, cover up, falsify, or destroy any
Everything You Wanted to Know About ESI and E-Discovery but Were Afraid to Ask Jason M. Pistacchio Presented By: Gregory S. Johnson Attorney Attorney/Legal Technologist Cosgrave Vergeer Kester LLP Paine
E-DISCOVERY & PRESERVATION OF ELECTRONIC EVIDENCE Ana Maria Martinez April 14, 2011 This presentation does not present the views of the U.S. Department of Justice. This presentation is not legal advice.
WHITE PAPER: CUSTOMIZE WHITE PAPER: BEST PRACTICES FOR ARCHIVING Confidence in a connected world. Best Practices for Defining and Establishing Effective Archive Retention Policies Sponsored by Symantec
WHEPAPER The Disconnect Between and Teams Examples of what each side doesn t know #2 in a series of 4 whitepapers. Circulate this document to,, and company management. It can be used to start a dialog,
MINIMIZING THE PAIN OF ediscovery WITH A PROACTIVE STRATEGY How a proactive ediscovery strategy will result in dramatic cost and IT time savings. By Osterman Research Table of Contents 2 WHY YOU SHOULD
WhitePaper Concise Guide to E-discovery Contents i. Overview ii. Importance of e-discovery iii. How to prepare for e-discovery? iv. Key processes & issues v. The next step vi. Conclusion Overview E-discovery
Lowering E-Discovery Costs Through Enterprise Records and Retention Management An Oracle White Paper March 2007 Lowering E-Discovery Costs Through Enterprise Records and Retention Management Exponential
!! An Osterman Research White Paper Published January 2010 SPONSORED BY onsored by!! sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Tel: +1 253 630 5839 Fax: +1
MARCH 7, 2007 E-Discovery: The New Federal Rules of Civil Procedure A Practical Approach for Employers By Tara Daub and Christopher Gegwich News of the recent amendments to the Federal Rules of Civil Procedure
Director, Value Engineering April 25 th, 2012 Copyright OpenText Corporation. All rights reserved. This publication represents proprietary, confidential information pertaining to OpenText product, software
E-Discovery and Electronically Stored Information (ESI): How Can It Help or Hinder a Case? Rosevelie Márquez Morales Harris Beach PLLC New York, NY Rosevelie Márquez Morales is a partner at Harris Beach
Rackspace Archiving Compliance Overview Freedom Information Act Sunshine Laws The federal government and nearly all state governments have established Open Records laws. The purpose of these laws is to
How to Avoid the Headache of User Mailbox Quotas Email Archiving Top Four Storage Management Challenges and Solutions Executive Summary Corporate email contains business critical information which is relied
E-Discovery Quagmires An Ounce of Prevention is Worth a Pound of Cure Rebecca Herold, CISSP, CISA, CISM, FLMI Final Draft for February 2007 CSI Alert While updating the two-day seminar Chris Grillo and
Store, Manage, and Discover Critical Business Information Managing millions of mailboxes for thousands of customers worldwide, Enterprise Vault, the industry leader in email and content archiving, enables
Electronic Discovery How can I be prepared? September 2010 Presented by Brian Wilkinson, Director of ediscovery & Computer Forensics email@example.com 410-659-3473 Table of Contents Page 1 Electronic
University of California, Merced Measures Regarding Litigation Holds and Preservation of Electronically Stored Information (ESI) Responsible Officials: Executive Vice Chancellor and Provost Vice Chancellor
UNDERSTANDING E DISCOVERY A PRACTICAL GUIDE 1 What is ESI? Information that exists in a medium that can only be read through the use of computers Examples E-mail Word Documents Databases Spreadsheets Multimedia
WHITEPAPER EMAIL ARCHIVING 10 Reasons Why Enterprises Select Symantec.cloud for Archiving Who should read this paper CIOs, CFOs, IT Managers, Legal and Risk Management Officers, HR Managers WHITE PAPER:
1. ediscovery # Is ediscovery eating a hole in your companies wallet? 90% Of New Records are Created Electronically Only 50% Of Electronic Documents are Printed The Number of GB processed per year is growing
102 ediscovery Shakedown: Lowering your Risk Long-Term Care Session HCCA Compliance Institute April 27, 2009 Las Vegas, Nevada Presented by: Diane Kissel, Manager IS Risk & Compliance Kindred Healthcare,
Make better decisions, faster March 2008 Integrated email archiving: streamlining compliance and discovery through content and business process management 2 Table of Contents Executive summary.........
Email Archiving E-mail Compliance Storage Management Electronic Discovery archiver Athena www.athenaarchiver.com Athena Archiver is a next-generation email and instant message archiving system which enables
Article originally appeared in the Fall 2011 issue of The Professional Engineer Electronic Discovery in Litigation By Douglas P. Jeremiah, P.E., Esq. Your firm is involved in litigation and you get the
Case 2:14-cv-02159-KHV-JPO Document 12 Filed 07/10/14 Page 1 of 10 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF KANSAS KYLE ALEXANDER, and DYLAN SYMINGTON, on behalf of themselves and all those
ediscovery and Information Governance Practice Overview ediscovery and Information Governance Electronic discovery, or ediscovery, is increasingly changing from the exception to the norm in modern litigation.
Electronic Discovery and the New Amendments to the Federal Rules of Civil Procedure: A Guide For In-House Counsel and Attorneys By Ronald S. Allen, Esq. As technology has evolved, the federal courts have
Symantec Enterprise Vault for Microsoft Exchange Server Store, manage, and discover critical business information Data Sheet: Archiving Trusted and proven email archiving performance and users can enjoy
BEST PRACTICES FOR PREPARING YOUR BUSINESS FOR E-DISCOVERY I. Background The Federal Rules of Civil Procedure provide for document production in the discovery process. Until recently, all types of documents
A Guide To Email Retention And UK Compliance Laws Overview Now recognised as the primary channel of business communication for organisations in every industry, email contains enormous amounts of important
: Discovering What There Is to Discover One of the challenges in electronic discovery is identifying the various sources of electronically stored information (ESI) that could potentially be relevant to
PRODUCT BRIEF: CA MESSAGE MANAGER CA Message Manager THE PROACTIVE MANAGEMENT OF EMAIL AND INSTANT MESSAGES IS INTEGRAL TO THE OVERALL STRATEGY OF INFORMATION GOVERNANCE. THERE ARE MANY COMPLEX CHALLENGES
The evolution of data archiving 1 1 How archiving needs to change for the modern enterprise Today s enterprises are buried by data, and this problem is being exacerbated by the unfettered growth of unstructured
Strategies for Preparing for E-Discovery The amendments to the U.S. Federal Rules of Civil Procedure regarding the discovery of electronically stored information make it imperative for organizations to
WHITEPAPER The Disconnect Between Legal and IT Teams The Duty to Preserve Why manual email archiving and user categorization doesn t cut it anymore #4 in a series of 4 whitepapers. Circulate this document
Electronic Discovery Presented by: Jonathan Adams www.salixdata.com 513-381-2679 Our Goal Explain E-Discovery in layman s terms Equip you to be able to add value to your organization SALIX is the region
A BNA, INC. DIGITAL DISCOVERY & E-EVIDENCE! VOL. 7, NO. 11 232-235 REPORT NOVEMBER 1, 2007 Reproduced with permission from Digital Discovery & e-evidence, Vol. 7, No. 11, 11/01/2007, pp. 232-235. Copyright
Policy No: 3008 Title of Policy: Preservation and Production of Electronic Records Applies to (check all that apply): Faculty Staff Students Division/Department College _X Topic/Issue: This policy enforces
Why you need Cryoserver for your Office 365 cloud service March 2014 FCS (UK) Ltd +44(0)800 280 0525 (EMEA) 1-866-311-1652 (US Toll Free) firstname.lastname@example.org www.cryoserver.com Introduction Contents Introduction...
A Practical Guide to Understanding ediscovery for Insurance Claims Professionals ediscovery Defined and its Relationship to an Insurance Claim Simply put, ediscovery (or Electronic Discovery) refers to
Todd Heythaler Information Governance & ediscovery Trends & Landscapes State & Local Government Challenges Approach to ediscovery & FOIL requests Getting Started Trends & Landscape Requests for Information
125 In-House Solutions to the E-Discovery Conundrum Retta A. Miller Carl C. Butzer Jackson Walker L.L.P. April 21, 2007 www.pointmm.com I. OVERVIEW OF THE RULES GOVERNING ELECTRONICALLY- STORED INFORMATION
Legal White Paper Series: The Real Costs & Risks of Email, Part2 COST-EFFECTIVE SOLUTIONS TO MITIGATE RISK AND CONTROL LITIGATION COSTS How in-house counsel can leverage Mid-Market Information Management
Electronic Discovery L. Amy Blum, Esq. UCLA University of California, Los Angeles 1 Topics Not Covered Best practices for E-mail E use and retention in the ordinary course of business Records Disposition
Veritas Enterprise Vault for Microsoft Exchange Server Store, manage, and discover critical business information Trusted and proven email archiving Veritas Enterprise Vault, the industry leader in email
Store, Manage, and Discover Critical Business Information Trusted and Proven Email Archiving Symantec Enterprise Vault, the industry leader in email and content archiving, enables companies to store, manage,
Electronic Record Retention and ediscovery Peter Pepiton ediscovery Product Manager CA Information Governance Agenda What is all this ediscovery buzz? Email is major focus of ESI Impact of New FRCP rules
www.sonasoft.com INTRODUCTION In this digital age, small and medium businesses (SMBs) continue to rely heavily on e mail as their primary form of business communications. This has led to a proliferation
SAMPLING: MAKING ELECTRONIC DISCOVERY MORE COST EFFECTIVE Milton Luoma Metropolitan State University 700 East Seventh Street St. Paul, Minnesota 55337 651 793-1246 (fax) 651 793-1481 Milt.Luoma@metrostate.edu
BEYOND THE HYPE: UNDERSTANDING THE REAL IMPLICATIONS OF THE AMENDED FRCP PA G E : 1 BEYOND THE HYPE: Understanding the Real Implications of the Amended Federal Rules of Civil Procedure A Clearwell Systems
Electronic Discovery: Litigation Holds, Data Preservation and Production April 27, 2010 Daniel Munsch, Assistant General Counsel John Lerchey, Coordinator for Incident Response 0 E-Discovery Rules Federal
Recovering Microsoft Exchange Server Data An Altegrity Company 1 Why Recovering and Searching Email Archives Is Important 3 Why Recovering and Searching Email Archives Is Difficult 5 How Ontrack PowerControls
Waiting to Upgrade: Understanding Archiving and ediscovery Limitations in Exchange 2010 by Michael Noel and Rick Wilson Contents Understanding the Business Need for Archiving and ediscovery... 3 Overview
Redgrave Daley Ragan & Wagner LLP 1 Introduction Over the past several years, the reliance that organizations place on e-mail as their primary form of business communication has grown exponentially. The
The Importance of Appropriate Record Retention Policies Copyright 2003 by Document Technologies, Inc. David Shub, Discovery and Records Management Director 1 With HIPAA, Sarbanes-Oxley, and various high-profile
Symantec Enterprise Vault for Microsoft Exchange Store, manage, and discover critical business information Data Sheet: Archiving Trusted and proven email archiving Symantec Enterprise Vault, the industry
Policy Number: M-17 University of Louisiana System Title: RECORDS RETENTION & Effective Date: OCTOBER 10, 2012 Cancellation: None Chapter: Miscellaneous Policy and Procedures Memorandum Each institution
10 Point Plan to Eliminate PST Files Executive Summary When it comes to assuring a comprehensive corporate data retention and litigation readiness plan, no single data set seems to present more challenges
Proofpoint Email Archiving Whitepaper: A look at the pros and cons of Software-as-a-Service and how they apply to email archiving. threat protection compliance archiving & governance secure communication
White Paper ARCHIVING FOR EXCHANGE 2013 A Comparison with EMC SourceOne Email Management Abstract Exchange 2013 is the latest release of Microsoft s flagship email application and as such promises to deliver
Email Archiving, Retrieval and Analysis The "If you are going to find a smoking gun, you will find it in email." Abstract Organisations are increasingly dependent on email for conducting business, internally
Email Management Trends, Troubles, and Solutions Kevin O Connor General Manager, Content Management & Archiving 1 Information Challenges Lead to Archiving Data Growth Digital Proliferation Cost Escalating
2016 CLM Annual Conference April 6-8, 2016 Orlando, FL Reduce Cost and Risk during Discovery E-DISCOVERY GLOSSARY Understanding e-discovery definitions and concepts is critical to working with vendors,
Navigating Information Governance and ediscovery Implementing Processes & Technology to Reduce Downstream ediscovery Cost and Risk Shannon Smith General Counsel, Globanet March 11 12, 2013 Agenda 1 Overview
Legal Considerations for E-mail Archiving Why implementing an effective e-mail archiving solution can help reduce legal risk Written by: Quest Software, Inc. Executive Summary Copyright Quest Software,
Without Solid Implementation a Legal Discovery Plan Is Just a Plan Step-by-step instructions will get you started By Paul Robichaux Published: May 2009 Without Solid Implementation a Legal Discovery Plan
Kent Cheong Regional Sales Manager GFI Software 1 2 Overview of GFI Software Organization Organization» Founded in Malta in 1992» Offices: 3 in APAC, 9 in EMEA and 3 in the Americas» 800+ employees Development»
Email Archiving Complete Computers Email Archiving helps preserve information, facilitate compliance, and speeds ediscovery with a service that s fast, scalable and secure. Business Costs Email Archiving
1 Purpose and Scope The purpose of this policy is to: Identify the types of College-related electronic information, including the location of the information; Identify what departments or individuals are
Sponsored by ediscovery: The New Information Management Battleground Developments in the Law and Best Practices Kahn Consulting Inc. (847) 266-0722 email@example.com Introduction The following
Symantec Enterprise Vault for Microsoft Exchange Store, manage, and discover critical business information Data Sheet: Archiving Trusted and proven email archiving Symantec Enterprise Vault, the industry
1 Osterman Research Executive Summary Enterprise Email Archiving: Market Needs and Trends Archiving is to email as record-keeping is to accounting. Enterprises of all sizes are becoming increasingly dependent
Optim The Rise of E-Discovery Presenter: Betsy J. Walker, MBA WW Product Marketing Manager What is E-Discovery? E-Discovery (also called Discovery) refers to any process in which electronic data is sought,
Miguel Ortiz, Sr. Systems Engineer Globanet Agenda Who is Globanet? Archiving Processes and Standards How Does Data Archiving Help Data Management? Data Archiving to Meet Downstream ediscovery Needs Timely
MDLA TTS August 23, 2013 ediscovery for DUMMIES LAWYERS Kate Burke Mortensen, Esq. firstname.lastname@example.org Scott Polus, Director of Forensic Services email@example.com 1 Where Do I Start??
EXCHANGE TO OFFICE 365 ARCHIVING CONSIDERATIONS by Brien Posey As an organization prepares to migrate mailboxes from an on premise Exchange Server to Office 365, it must carefully consider how the migration
White Paper By Bob Spurzem and Martin Tuip Mimosa Systems, Inc. January 2008 Mimosa NearPoint for Microsoft Exchange Server Next Generation Email Archiving for Exchange Server 2007 CONTENTS Email has become