Keep Your Documents Close and Your Flash Drives Closer

In 1969, when Mario Puzo published his novel “The Godfather,” his line “A lawyer with his briefcase can steal more than a hundred men with guns” became highly quoted and recognized because of the innate truth it contained: it’s easier to rob a company through information than through violence.

He could not have imagined that, just forty years later, enough information to take over, bring down, or steal from a company could be contained on a device the size of a pack of gum. Flash drives have made it possible for corporate espionage to reach new heights, and for any disgruntled employee - from the receptionist to the president of the company - to succumb to temptation, download and walk away with the company’s data in a format so small that it can be hung on a keychain. If not accounted for in a document retention policy, flash drives present a significant risk of comprising the integrity and negating the purpose of a document retention plan. 

In a posting called “Deter the Use of Flash Drives to Avoid Corporate Espionage” by James Koopman on the DCIG website, Koopman says,

The portability and high capacity of flash drives is creating headaches for many companies. The Net is swarming with stories of the ill-use, illegal activities, and security concerns as more and more of these devices are lost and stolen or used to steal sensitive information.

The site links to reports on the theft or loss of flash drives containing information as diverse as military secrets, patient data, and confidential child welfare cases, all because the drives are convenient, easy to use, take up no space, are inexpensive and easily obtainable in any electronics store.

 

What all this means to legal departments, of course, is that flash drives have to be accounted for when complying with record retention policies, and in planning electronic document production for litigation purposes. In some environments - the Pentagon being a notable example ("Pentagon Bans Flash Drives"), flash drives have been outlawed entirely due to security concerns.  

But even if national security isn’t your bailiwick, record retention policies should take into account information stored on flash drives and all other e-document locations, as noted by Robert Miller, in The Why and How of Document Retention Programs,” e-files can be stored using an array of portable media such as microfilm, flash drives, CDs and DVDs; or on devices such as Blackberries, Palm Pilots, laptops or even iPods. Additionally, files can be housed on systems such as workstations, servers, corporate e-mail systems, shared network drives, or even the company’s voicemail system.  Clearly, the chore of locating and identifying all discoverable documents is a lot more complicated now than when they existed solely in a metal file cabinet!

 

It does not take a “stab” in the dark to create a sound document retention policy because specific document retention periods are set forth in several sources of law which include the Sarbanes-Oxley Act, the Federal Rules of Civil Procedure, and other federal and state statutes. You can minimize the risk of unknowingly having a “smoking gun” document act as a “silencer” at a time when you least expect it by ensuring that your company has developed a document retention policy that covers the retention and disposition of physical records and all sources of electronic records. By doing so, you’ll certainly sleep easier - and you won’t wake up to a horse’s head in your bed.

Use Caution When Doing Your Spring Cleaning!

 

Although we're in the middle of winter, and the Midwest had -40 degree wind chills last week, this is the time for you to think about spring cleaning. I don't mean scrubbing floors or washing windows. Now is the time to develop a record retention policy and a litigation hold policy and then begin appropriately "cleaning house."  Micron Technology, Inc. v. Rambus, Inc., 2009 WL 54887 (D. Del. Jan. 9, 2009) shows us why it is so very important to have a litigation hold policy in place before starting that spring cleaning.

Rambus was a microchip technology company that became concerned about possible patent infringements by microchip manufacturers. It sought counsel regarding possible litigation, and counsel developed a litigation strategy. During this time, Rambus also designed and implemented a record retention policy, then held a series of "Shred Days" where many expired records were destroyed.

Micron sought a declaratory judgment from the court that its designs did not infringe on Rambus' patent.  The court held a separate trial on whether Rambus' wholesale destruction of documents pursuant to its document retention policy constituted spoliation of evidence and the appropriate sanction to be imposed on Rambus if in fact spoliation had occurred.  

In analyzing the spoliation issue, the court found that Rambus had a duty to preserve its documents once litigation became reasonably foreseeable.  According to the court,

Rambus knew or should have known, that a general implementation of the policy was inappropriate because the documents destroyed would become material at some point in the future.  Therefore, a duty to preserve potentially relevant information arose in December 1998 and any documents purged from that time forward are deemed to have been intentionally destroyed, i.e. destroyed in bad faith. 

Because Rambus' bad faith was so clear and convincing and because Rambus destroyed innumerable documents relating to all aspects of Rambus' business, the court determined that the very integrity of the litigation process had been impugned.  The court found that neither adverse jury instructions nor the preclusion of evidence nor the imposition of fees and costs on Rambus could cure the damage done by the massive document destruction.  Instead, the court delivered the ultimate sanction of all, it declared Rambus' patents involved in the lawsuit unenforceable. 

The moral of the story?  Companies must exercise extreme caution in implementing document retention policies and must strongly consider whether a "litigation hold" needs to be placed on some documents, even in cases where litigation has not been officially commenced yet.  Consequently, when you get that itch to do some spring cleaning, plan ahead so that you can protect your intellectual property and your business.

Saving Your Company's Bucks and Hide...

Did you know that, before paper money was used, Americans used animal hides, or buckskins, for money?  This is the origin of the slang term "bucks." If you want to help your company keep more of their “bucks” as well as their “hide” in 2009, urge them to review and comply with their existing document retention policy.

Jerome Wendt on the StorageChannel.com’s blog revisited some lessons from the past, which remain relevant for the new year. Wendt’s blog discussed the 2002 case of Murphy Oil USA, Inc. v. Fluor Daniel, Inc. (2002 WL 246439, E.D. La. Feb. 19, 2002). Fluor Daniel had an email retention policy that allowed them to erase backup tapes after 45 days, but neglected to follow their own policy…resulting in the unintended preservation of 93 backup tapes, some of which contained damaging information. The Court ordered Fluor Daniel to produce email from one of these backup tapes. Fluor Daniel could have avoided an unfavorable court decision and the costs associated with producing certain incriminating evidence had it only complied with its own document retention policy. 

The beginning of a new year should be seized as an opportunity to ensure that your company is complying with its existing document retention policy.  This is an excellent first step to saving more than a few bucks and protecting your hide as well. 

Walk the Line

There is a thin line when attempting to distinguish between personal records and corporate records. Some would argue that there is no line at all because it is very difficult to sustain a claim that documents prepared in connection with employment are "personal."  The distinction between personal records and corporate records is legally significant because the Fifth Amendment's privilege against self-incrimination can be used to protect personal records.  Because the Fifth Amendment can only be asserted by individuals, corporate records are typically compelled to be produced in response to a subpoena.

The risk to corporate clients is significant when employees maintain records outside of normal record keeping procedures. This issue often arises when employees improperly assume that a record is "personal" because it contains some personal content. Common examples include employee calendars or address books that contain personal information. 

One of the leading cases in this area, In re Grand Jury Proceedings, 349 F. Supp. 417 (N.D. Ohio 1972), established that a desk calendar maintained by executives and/or secretaries is a "corporate document." In that case, a doctor maintained a date book containing both business and personal data. The court held that the calendar could be compelled to be produced because no collective entity, such as a corporation, labor union or partnership, can resist a subpoena for its business records on Fifth Amendment grounds. The court reasoned that the information contained in the requested documents was relevant, stressing that the privilege does not protect any privacy interest in the contents of business records.

Therefore, corporate attorneys should remember that if any element of a document pertains to the business, the whole document may have to be produced in court if it is called for by subpoena. As such, it is best to encourage employees to plan as if all records will be considered as corporate records that are not entitled to the Fifth Amendment protection against self-incrimination.  Employees must understand that all records maintained by that employee can be considered corporate documents, even if personal information is also included in those "corporate" documents, and therefore, those records must be maintained uniformly in compliance with the company's record retention policy.

 

Don't Forget the Website!

A corporation's website is often one of a corporation's most visible assets and as a result, websites are often given high priority by corporate marketing and public relations departments.  Websites should be paid the same attention when a corporation institutes a litigation hold.  Unfortunately, when a litigation hold has been instituted, forgetting about your website can be a dangerous oversight. 

In the recent case, Arteria Property Pty Ltd. v. Universal Funding V.T.O., Inc., (2008 WL 4513696, October 1, 2008), the District Court for the District of New Jersey held that websites should be treated the same as other electronic files and sanctioned the defendant corporation for failing to maintain the content on its website once litigation was reasonably anticipated. In Arteria, the plaintiff requested in discovery electronic snapshots or paper copies of the defendant corporation’s website. The defendant corporation failed to produce this information.  There was no dispute that the website was in existence at a time when it was at least reasonable that the corporation would be sued. As a result, the court found that the failure to produce the website constituted spoliation of evidence and imposed sanctions on the defendant corporation. 

The moral of this story?  Your litigation hold policy should have a mechanism in place to insure that your corporation's website, as an electronic document, is preserved in the same manner as other electronic data subject to a litigation hold.