Jump to Navigation | Jump to Content
American Bar Association

ABA Section of Business Law


Business Law Today

Avoiding the Preservation Predicament
Preparing for E-Discovery Obligations Before Disputes Arise
By Kevin F. Brady and Chad Breckinridge
Businesses trying to manage their electronic information face a significant problem. Information created, captured, and replicated in an electronic form is now growing at a rate of almost 60 percent per year, and the upward trend shows no sign of abating. As a result, companies are amassing hundreds if not thousands of terabytes of electronic information in the form of databases, e-mails, spreadsheets, and word processing information. These volumes are staggering, as a single terabyte is equal to the amount of information in a million books.

Even when not involved in litigation, companies are struggling to manage their electronic records. When litigation arises, the problem only gets worse because of the requirements of the new e-discovery rules and the issues associated with the preservation and production of such large amounts of information.

On their face, the new e-discovery rules govern nothing more than a party's conduct during civil litigation. Nothing in the new rules purports to require companies to take any particular action or undertake any preparations before litigation arises. Indeed, the Advisory Committee Notes accompanying the new rules state expressly that the new rules do not address prelitigation preservation obligations, which remain subject to the common law. A company that neglects to prepare in advance of litigation, however, does so at its peril. A shortsighted approach to handling electronic information can cost companies thousands if not millions of dollars in unnecessary expenses, fines, and judgments and expose them to harmful evidentiary sanctions.

The Value of a Proactive Approach
Judgments and sanctions imposed on Fortune 500 companies because of their failure to preserve and produce electronic records have forced senior managers to focus on record-retention policies more than ever before. Likewise, in-house legal teams are spending more time than ever balancing their companies' legal obligations to preserve records against the monumental costs of storing and processing potentially relevant electronic data. While case law has begun to provide some guidance in this area, complete clarity is still a long way off.

Since taking effect on December 1, 2006, the new Federal Rules of Civil Procedure have presented companies with a stark choice. A company that invests time and resources to prepare in advance will find that it can comply with its discovery obligations swiftly and efficiently. A company that spurns advance preparations, by contrast, may find itself unable to make required disclosures and unable to comply with production obligations without incurring enormous costs. Perhaps most importantly, a company that is not prepared for e-discovery may find itself on the painful end of severe evidentiary and monetary sanctions.

Record Retention Policies
E-discovery preparations will vary from industry to industry and from company to company. All the same, a handful of core principles apply universally, because the new rules are rooted in the parties' duty to act reasonably and in good faith. In particular, every company stands to benefit from adopting an appropriate record-retention policy. Similarly, every company should make sure it understands its duty to preserve records before the duty arises and every company should plan for likely problems before those problems materialize.

In the first of her seminal e-discovery opinions in Zubulake v. UBS Warburg, Judge Shira Scheindlin of the Southern District of New York distilled the challenge of electronic discovery. "The more information there is to discover," Judge Scheindlin wrote, "the more expensive it is to discover all the relevant information until, in the end, discovery is not just about uncovering the truth, but also about how much of the truth the parties can afford to disinter." This statement reflects the two features of electronic record discovery that separate it from traditional paper discovery—and make advance preparation critical. First, the volume of a party's electronic records can be staggeringly huge, especially in the era of e-mail and instant messaging. And, second, rendering many of those records into reviewable form can be maddeningly complex and costly.

Two Tiers of Information
The new e-discovery rules attempt to address these challenges by taking a two-tiered approach designed to limit the production of "inaccessible" electronic records. In order to avoid onerous eleventh-hour compliance problems, companies need to understand the distinction between the two long before disputes arise. Rule 26(b)(2) relieves a producing party of the duty to produce electronically stored information (ESI) from sources it identifies as "not reasonably accessible because of undue burden or cost." Examples of inaccessible ESI include deleted or fragmented records, records stored on certain backup-tape systems, and records produced with legacy systems no longer in use. If the requesting party moves for production from inaccessible sources, the producing party bears the burden of demonstrating the cost and burden of production. Weighing the need for the records against the demonstrated cost of producing them, a court can order production when warranted and allocate the production costs between the parties.

A party's record retention policies, therefore, sit in the crosshairs of the new rules, even though the policies are generally instituted long before litigation begins. To even begin formulating a response under the new two-tiered approach, a company must have a complete understanding of how it retains various categories of ESI, in what form, in which locations, and how to retrieve it. While nothing in the rules mandates that companies adopt particular record-retention policies, the new provisions effectively presume that parties have policies in place. Forward-thinking companies are revising them in advance of litigation to ensure comparatively pain-free compliance with their e-discovery obligations.

Developing an effective and defensible record-retention policy poses an array of challenges. Many companies retain outside consultants or lawyers to assist in the task. Among other issues, a company must resolve what information to maintain in relatively accessible active sources, what to store on relatively inaccessible backup tapes, how to handle "legacy" ESI, and when to delete or overwrite ESI stored on various media.

Best Practices Involve Collaboration
There are several practices that virtually every company should adopt in advance of litigation. At the outset, a company should appoint an e-discovery response team to include representatives from, among others, senior management, inside and outside counsel, the information technology group, the information security group, the finance team, and possibly human resources. This team should take ongoing responsibility for managing e-discovery issues and updating the company's record-retention policy. The team should meet regularly, as frequent and open communication between the technical and legal teams is critical to efficient compliance.

As one of its first orders of business, a company's e-discovery team should conduct a thorough audit of the company's ESI sources, including desktops, laptops, file servers, portable and nonportable storage devices, and backup systems. To the extent a company's discoverable records reside on the systems of outside entities or contractors, the audit should cover those sources as well. An audit will focus the internal e-discovery response team on any looming compliance problems. It also will give the company the information necessary to identify ESI sources, as required by the new rules.

The e-discovery response team also should take the lead on adopting or revising an appropriate record-retention policy. This task will require careful cooperation among the members of the team, as the "records" subject to retention will vary from company to company, depending on applicable legal, regulatory, and business requirements. Broker-dealers face different—and far more stringent—retention obligations than lawn-care companies, for example. Companies should avoid adopting overly rigid retention policies and information management systems. A company must maintain the ability to suspend or temporarily alter aspects of its retention policy and information management system in order to comply with litigation holds or comparable preservation obligations.

Perhaps most importantly, a company should ensure that all of its senior managers buy in to the retention policy and that all employees comply fully. Otherwise, the company runs the risk of making inaccurate representations to a court. Employees should be required to attend record-retention training courses and refresher courses and the company should remind them regularly of their obligation to comply with the company's policy. It is equally important to train employees to avoid generating inappropriate or compromising electronic records in the first place. An obligatory e-mail etiquette course for all employees can reduce the risk that informal off-color e-mails will lurk in electronic storage systems and haunt the company for years.

Preparation: Focus Is on E-mail
The duty to preserve records—whether electronic or paper—is triggered as soon as a party learns of pending litigation, reasonably anticipates litigation, or is put on notice that litigation is imminent. The factual underpinnings and timing of the duty to preserve differ from case to case and from party to party. As a result, the scope and timing of a preservation duty cannot be predicted before it arises. Therefore, a party must ensure in advance of litigation that it is capable of preserving discrete categories of potentially relevant information, information that could lead to the discovery of admissible evidence, and information likely to be requested during discovery. Of particular importance, companies should be prepared to suspend the destruction of potentially relevant records (including active ESI) that would otherwise occur in the ordinary course of business. They also should be ready to instruct all employees who might possess potentially relevant records to preserve them.

E-mail almost always presents the biggest problem in this area because—in an effort to avoid a suffocating overload of data—many companies employ an automated record-destruction system to purge their servers of outdated e-mail on a regular basis. When a company reasonably anticipates litigation, however, it is obliged to suspend its destruction system so that potentially discoverable e-mails are not automatically deleted on a rolling basis. Suspending record-destruction systems in a tailored manner is a complex task, however. Therefore, long before any duty to preserve arises, companies should educate their IT staffs about the scope of the obligation and develop a capability to suspend tailored features of their ESI destruction systems when necessary.

Backup Tapes
Backup tapes are another source of thorny preservation problems, and forward-thinking companies will address them before litigation commences. The new e-discovery rules do not paint a bright line indicating when a party must preserve them, but there are clear limits. Most importantly, the obligation to preserve applies only to potentially relevant information and to information reasonably likely to lead to the discovery of such information. Thus, upon threat of litigation, companies are not required to preserve every backup tape in their possession. While this alleviates some degree of burden, it leaves companies with the troublesome task of assessing which tapes to preserve. Preserving too many can lead to enormous and unnecessary review and production costs, especially for tapes containing relatively inaccessible data. Preserving too few can result in sanctions for spoliation.

Unfortunately, inconsistent judicial decisions muddied the waters before the new rules took force. In some jurisdictions, preservation obligations never applied to "inaccessible" backup tapes (e.g., those typically maintained solely for purposes of disaster recovery). Other jurisdictions required companies to preserve all backup tapes. Still others took a hybrid approach. In Zubulake, for instance, Judge Scheindlin held that a producing party must preserve some sources of inaccessible ESI. In particular, they must preserve tapes containing ESI related to key players in the litigation, but only when that information is not available from another source. These varying approaches to preservation could have a significant impact on the manner in which companies label and store disaster-recovery backups.

Between a Rock and a Hard Drive
The new e-discovery rules force companies to make tough decisions, especially when determining which backups fall within the scope of a preservation obligation. The two-tiered approach in Rule 26(b)(2) provides little guidance in this area and arguably sets a trap for unsuspecting companies. To ensure data security, a company might elect to retain disaster-recovery backup tapes for years, even if it has no legal obligation to retain them in the absence of litigation. If litigation arises, the company may be required to identify some or all of the backups as an inaccessible source of potentially relevant ESI under Rule 26(b)(2). If the requesting party prevails on a motion to compel production of the data on those tapes, the producing company may have to devote significant resources to review and possibly produce the inaccessible ESI.

Thus, the producing company finds itself in a classic dilemma. On the one hand, it can choose to permit routine destruction of disaster-recovery backups and run the risk of massive data losses in the event of system failure. On the other, it can preserve the tapes and face the possibility of enormous production burdens. Rule 37(f) arguably provides some protection in this area, but a company won't find much comfort in the rule's record-destruction "safe harbor." As part of their advance preparations, companies should weigh these options and risks and should develop backup systems that reflect their specific businesses and data preservation needs.

Perilous Safe Harbor
Rule 37(f) attempts to address the fact that information management systems routinely overwrite, alter, and delete ESI in the course of their normal automated operations. The rule recognizes that suspending such operations whenever litigation seems possible can wreak havoc throughout a network and result in the unnecessary retention of untold terabytes of data. Accordingly, it bars courts from issuing sanctions "under these rules" when a party loses discoverable ESI due to the routine "good-faith" operation of its information management system. While Rule 37(f) applies to information lost after litigation is threatened or pending, one of the pivotal points in a Rule 37(f) defense will be what proactive steps the company took in advance of the threatened litigation to prepare, such as the steps the company took to implement a litigation hold.

This safe harbor may not provide any real safety, however. First, the rule only prevents courts from imposing sanctions "under these rules." It does not purport to limit a court's inherent, non-rule-based authority to issue sanctions. Second, the rule protects only "good faith" operations of an information management system. The rule's commentary explains that "good faith" requires a party to suspend routine operations that would otherwise alter or destroy ESI subject to a preservation obligation. This requirement arguably undermines the safe harbor. If a company has reason to believe that litigation is in the offing, it may have a hard time showing that it acted in good faith if it continued to allow its system to destroy potentially relevant ESI.

Of course, there is very little case law interpreting any of the new rules. Thus, it is possible that courts may interpret Rule 37(f) more expansively than the text appears to allow. Until that time, however, companies should be wary of ultimately relying on the safe harbor when implementing ESI deletion protocols in advance of litigation.

Time for a New Mindset
The new e-discovery rules have placed companies and their executives on notice that inadequate ESI management can have dire repercussions. Companies that continue to allow e-mails, document drafts, and other ESI to accumulate unfettered in an array of storage formats will face nearly insurmountable technical hurdles and costs when faced with production obligations under Rule 26. By contrast, companies that take action in advance to implement appropriate policies and catalog existing information management systems will be able to respond swiftly and accurately.

Preparing for efficient compliance with e-discovery obligations requires a company to be proactive, not reactive. Case reporters are filled with decisions in which companies incur considerable sanctions—both monetary and evidentiary—because of their failure to implement effective ESI management practices. The fact that many of these decisions were issued before the new rules took effect means only that the penalties could be even greater now that the companies are on notice of their e-discovery responsibilities.

Neglecting to formulate a retention system in advance is a surefire recipe for disaster. Some Fortune 100 companies that have failed to do so have found themselves on the wrong end of enormous jury verdicts. The open question is the extent to which those verdicts were the result, in part, of neglected ESI management policies.

The Value of Preparation
Litigants have been subject to judicially created e-discovery obligations, burdens, and sanctions for years. Before the new rules took force last year, companies did their best to prepare in advance for uncertain preservation and production obligations related to ESI. Their missteps—sometimes inadvertent and sometimes willful—exposed them to harsh sanctions. The new rules throw some curveballs to business lawyers, but they should be viewed as a welcome step toward clarity. They provide litigants with a road map detailing what opposing parties may request, what they may have to preserve and produce, and how courts will treat violations of the rules.

With greater clarity comes greater responsibility to prepare in advance, however. A company that waits until litigation arises to assess its ability to comply will find compliance nearly impossible. A company that takes care to plan and prepare, by contrast, will be able to comply swiftly and without incurring great expense. For business lawyers focused on the best interests of their companies or clients, there's really no choice in the matter.
Brady is a partner in the Business Law Group of the Wilmington, Delaware, office of Connolly Bove Lodge & Hutz LLP. His e-mail is kbrady@cblh.com. Breckinridge is an associate in the Internal Investigations Group and the Domestic and International Communications Group of Harris, Wiltshire & Grannis LLP based in Washington, D.C. His e-mail is cbreckinridge@harriswiltshire.com.

Back to Top