WHITEPAPER The Discnnect Between Legal and IT Teams Retentin Plicies Why lawyers agnize ver Retentin Plicies and wrry abut archiving emails. Ideas and suggestins t reslve the issues while mitigating risks and csts. #1 in a series f 4 whitepapers. Circulate this dcument t IT, Legal, and cmpany management. It can be used t start a dialg, get cnsensus, and get actin taken. 2009 Waterfrd Technlgies, Inc. All Rights Reserved. This whitepaper is published by Waterfrd Technlgies, Inc., makers f the ppular MailMeter archiving slutin. Fr mre infrmatin n MailMeter, email archiving, retentin plicies, ediscvery, FRCP, cmpliance, etc. g t www.mailmeter.cm.
Backgrund The discnnect between legal and IT teams Retentin Plicies If yur rganizatin has still nt made a decisin t archive emails fr business and legal purpses (FRCP, SEC, FINRA, and ther regulatry r cmpliance purpses) r yu are frzen (r still debating) in the decisin cycle (keep everything vs. dn t keep anything), then this whitepaper is fr yu. Our gal is t prvide understanding f bth the legal and IT issues and ffer ideas and suggestins t reslve the differences while meeting yur business gals and mitigating the risks. The Discnnect Lawyers are wrried abut saving emails in an archive since they are discverable recrds. Nearly every legal actin includes an rder t prduce relevant emails. When yur rganizatin is aware that there is gd ptential fr a legal actin (even befre they have been served with a subpena) yu must take frmal actins t preserve any recrds that may be called as evidence r asked fr in discvery. This includes ntifying peple nt t destry email recrds and tracking respnses t the ntices (litigatin hld). The Federal Rules fr Civil Prcedure mandate that attrneys Meet and Cnfer t establish the what d yu have and where is it fr all electrnic recrds expected t be searched. Yur rganizatin s users believe they need t save every email they ever sent r received frever (just in case). The IT team has t maintain backups and is tasked with making mst ediscvery searches which is time cnsuming, ptentially expensive, and has a large ptential fr errrs. Legal hlds may require that cpies f current mailbxes and messages n backups need t be recvered and placed in a separate, prtected lcatin. While the plicy debate ges n, the mass f messages in the email server cntinue t grw and cause lng backup times, ptential fr lnger recvery times, and reduce reliability. 2
The Lawyer s Cncerns The discnnect between legal and IT teams Retentin Plicies At a recent LegalTech cnference (a gathering f lawyers arund technlgy issues) it was easy t understand the plight faced by an rganizatin s legal team. Judges are getting tech savvy. There have been a number f legal cases that set precedence fr prducing ESI (electrnically stred infrmatin) and decisins and recmmendatins by the Sedna Cnference (really smart legal peple giving analysis reprts f imprtant legal issues). They realize the pain and burden r prducing the infrmatin and the high csts fr bth parties t review the dcuments, and the amunt f curt time taken t g thrugh the evidence submitted. Remember, judges want justice fair treatment under the law. Mst judges wuld like parties t settle every case befre it ever makes it t curt. Outside legal cunsel is n the hk, persnally and prfessinally. They realize when they sign a pleading (legal dcument presenting respnses and arguments t the curt) that they can be fined, sanctined if later the infrmatin abut the ESI is fund t be untrue. S nw they are mre cncerned with the details f where the data is and wh has cntrl f it. Many cited examples f hw internal cunsel had nt prvided requested infrmatin because it was difficult t prduce. They als were wrried abut prducing privileged dcuments in the haste t deliver infrmatin t the ppsing party. There has been a recent curt case setting precedence that makes it easier t claw back inadvertently disclsed privileged data. The verall result is that utside cunsel wants t spend mre time (read mney) reviewing the infrmatin befre it is prduced first pass by a paralegal, next by an assciate, then by the litigatr. Inside legal cunsel is stuck between a rck and a hard place. They are being mandated t cut legal csts hwever they can. S they strng arm negtiate with utside legal cunsel fr better rates (30-40% reductin is nt unusual) and decide t d mre wrk with in huse staff. The highest expense in ediscvery is in the review f the infrmatin (hw many eyes and at what csts fr each email r dcument). With the ptential fr hundreds r thusands f emails needing review at an average cst f $160 per hur yu can see the bvius prblem and the discnnect - if yu have less infrmatin, then yu lwer legal csts. Of curse, lawyers realize that it may be unwise t nt have email recrds fr discvery can t find the smking gun, can t prduce the cntract change agreed t, can t argue that the cntents f an email 3
The discnnect between legal and IT teams Retentin Plicies prduced by the ppsing party is nt the true versin, and can t d an internal investigatin t slve HR issues. Unfrtunately, many lawyers technical knwledge nly extends t their use f Micrsft Outlk r Ltus Ntes. They d nt realize that if an email is deleted frm Outlk, that it stills sits n the email server fr a time perid established by the IT staff (days t weeks). While the lawyers may think that IT plicy deletes all emails lder than 60 days, it is easy fr any user t defeat that plicy. They dn t knw that users can save messages t files n their desktp, frward them t utside email accunts, stre them in a persnal archive, cpy them and take them hme, r frward messages t themselves (resetting the clck n the age f email). Lawyers may nt knw that the backup files r tapes stred n site r ff site may cver a much larger time perid. IT peple may nt be aware f what they have r be unwilling t disclse its existence because f the amunt f time they spent n gathering the data frm a previus request. Many lawyers hld their breath while watching their IT staffs get grilled in depsitins by ppsing cunsel asking detailed questins n security access, IT prcedures, prcesses, and custdial peratins. In spite f practice depsitins, many lawyers are surprised by the infrmatin disclsed by IT under questining. 4
The User and Business Cncerns The discnnect between legal and IT teams Retentin Plicies Users are trained by the market place fr persnal email accunts (Htmail, Yah, Gmail, etc.), that strage is nearly unlimited and free. S users truly believe that they have an inherent right t save every email frever (that s why users g thrugh the gyratins f dragging messages int flders s they can keep track f their stuff ). Users als use the rganizatin email system as a transprt fr persnal messages (baby and vacatin pictures, jkes, YuTube vides, buying and selling n Ebay, news alerts n stcks and ther interests, mail frm family, etc.). Over 80% f an rganizatin s business intelligence is in email recrds. Sales cmmitments, discunts, change rders, PO crrectins, shipping changes, cst verruns, late deliveries, price changes, back rders, purchases, legal dcument changes, cnfidential infrmatin, etc. are transprted thrugh email. Hw users defeat plicies (legal) and mailbx qutas (IT). 1. I can frward email t my persnal email accunt r save it t a file n my PC (r thumb drive) and then delete it. The rganizatin n lnger has the email but I d. (Oppsing cunsel can ask if any f yur users d this and then ask fr their persnal email recrds). 2. Archive r mve mail t a persnal archive (PST fr Outlk lcal archive fr Ntes) ut f my mailbx. I can make a cpy f it and take it hme r t my next jb. Searching persnal archives fr legal actins is really expensive. A gd plicy is t nt allw them in the first place. 3. If I knw the plicy is t delete emails lder than x days, then I can grab ld emails and frward them back t myself (nw they are new messages) r t my utside email accunts. Many users even set up autmatic rules t frward all emails t external accunts. 4. I can print any email and save it in a flder. 5. If I have dne a bad thing (sent r received inapprpriate r cnfidential material), I can duble delete it right away (aviding backup) making sure it is gne. Yu will never knw I did it. 5
IT Manager and Technical Cncerns The discnnect between legal and IT teams Retentin Plicies Mst IT staff is cncerned abut resurces and their persnal time. They are shrt handed, stressed with prblems, and pulled in many directins. The email server strage is full. Backups take t lng. Recvery is impssible. There is n mre disk space available. The answer is t set mailbx qutas (let users manage their wn space). When the users cmplain again, let them have persnal archives (which end up n their wn PCs r n a netwrk share and get backed up anyway). Search fr messages. Users lse critical messages; IT has t g find them. Many disk based backup slutins make this easier. Ging t ffsite backups t recver messages needed in a legal actin takes a lng time (put up a new server, recver the email server data, lk in mailbxes fr the messages) and usually ccurs under pressure r ver a weekend (with n extra pay). Cpy mailbxes. Legal teams ask fr cpies f mailbxes (let them d the searching). Usually pretty easy but sme peple have huge mailbxes. Be depsed. Yikes this is scary. Mst IT staffs are technical peple that have never been in a legal actin befre. Being asked questins (sme gd and sme really dumb) abut lcatin f data, wh has access, wh culd f and hw culd they delete messages (gives them a great way t shw technical skills), is uncmfrtable the first time but easier the next time since it frces IT t be prepared fr depsitins. Plicies dn t match realities. Fr example, if legal plicy is t delete all email lder than 6 mnths in the Inbx, 2 years if it is in a (save fr 2 years) Flder and 4 years if it is in (keep fr 4 years) Flder why d mst users (if they remember) drag everything int the 4 year flder? And why d yu keep backup tapes fr 1 year (means 6 mnths plicy is mt). Email archiving is easy. It saves space, gives legal staff an easy search and exprt capabilities, users can search the archive fr their wn stuff, and the email server strage size can be shrunk by mre than 50%. What are we waiting fr? 6
Ideas and Suggestins License an email archiving slutin. The discnnect between legal and IT teams Retentin Plicies Emplyees knw that every email sent r received is kept as a cmpany recrd fr 7 years r lnger. This insures that emplyees knw nt t waste resurces n persnal r frivlus. It prevents bvius use f the rganizatin s email fr nn-business use since emplyees realize that every message is saved autmatically. Litigatin hld is easy. IT marks the archive. N ntices t users are needed. N user can delete messages frm the archive. When email is reviewed internally, it is marked r tagged as privileged, needs review, respnsive, case #, etc. and it remains with the message s future legal discvery is less expensive since messages have already been reviewed. Any ediscvery actin can nw be satisfied with internal staff wh d the searches requested, review and mark the messages (big cst reductin), and exprt nly the relevant emails t PSTs t hand t utside cunsel. Outside cunsel csts are lwered. There are significantly less emails t review. The litigatr is familiar with the archiving slutin and knws the searches prduce all relevant email messages (nthing can be deleted by users frm the archive). The meet and cnfer sessins g smthly. The need fr business intelligence is satisfied any user r manager can search the archive by date, keywrds, custmer, r persn t find any critical email. The needle in the haystack can be fund in secnds. IT is happy since email messages in the email server are remved after ne year. Backups are smaller and recvery is easier. N mre running ut f disk space. IT is happier because they can disallw PSTs minimizing backups and cntrlling retentin. Depsitins will be easy. A simple declaratin f a descriptin f the email archiving system and prcedures usually suffices and can withstand any scrutiny. Retentin management is abslutely cntrlled. Messages can be destryed by department, age, subject, persn, cntent, etc. 7
The discnnect between legal and IT teams Retentin Plicies Message t legal Stp delaying a decisin. It will nly get wrse in IT and create mre legal prblems (read the blgs n the Guidance Sftware case). Data is getting lst r destryed and yu haven t taken any actins t reduce yur legal csts. Email archiving systems are nt that expensive. In ur experience the reductin in legal review csts n yur first discvery actin pays fr the cst f the sftware. Prtect the business start cllecting infrmatin nw. Yu can always change yur data destructin plicies. Remember, yu have anarchy nw peple are making their wn decisins. If yu have a reductin in frce, yu may have lst years f gd messages that can save yu mney in the future. Message t Business Peple Prtect the business start cllecting infrmatin nw. Yu are lsing valuable data because peple are wasting time managing t mailbx qutas (what shuld I save?) r sending valuable data utside the cmpany t persnal email accunts (and yu dn t knw it). Yu can als imprve prductivity by letting users knw yu will keep everything s they can find it if they need it. N mre dragging and drpping messages int flders r wasting time husekeeping t meet mailbx qutas (that s why executives have bigger mailbxes). Message t IT Lawyers are nt bad peple. They have a tugh jb. They lk t yu t prvide the insight int hw t meet bligatins withut huge expenses. They will prbably want IT t make the investment in email archiving because they are struggling with mre cases and less mney. D them a favr have them sit in n a nn-technical dem f an email discvery slutin. It will help. 8