spoliation

Ask the Magic 8-Ball; “Is Predictive Defensible Disposal Possible?”

Bill Tolson Information Governance , , , , , , , , ,

The Good Ole Days of Paper Shredding

In my early career, shred days – the scheduled annual activity where the company ordered all employees to wander through all their paper records to determine what should be disposed of, were common place. At the government contractor I worked for, we actually wheeled our boxes out to the parking lot to a very large truck that had huge industrial shredders in the back. Once the boxes of documents were shredded, we were told to walk them over to a second truck, a burn truck, where we, as the records custodian, would actually verify that all of our records were destroyed. These shred days were a way to actually collect, verify and yes physically shred all the paper records that had gone beyond their retention period over the preceding year.

The Magic 8-Ball says Shred Days aren’t Defensible

Nowadays, this type of activity carries some negative connotations with it and is much more risky. Take for example the recent case of Rambus vs SK Hynix. In this case U.S District Judge Ronald Whyte in San Jose reversed his own prior ruling from a 2009 case where he had originally issued a judgment against SK Hynix, awarding Rambus Inc. $397 million in a patent infringement case. In his reversal this year, Judge Whyte ruled that Rambus Inc. had spoliated documents in bad faith when it hosted company-wide “shred days” in 1998, 1999, and 2000. Judge Whyte found that Rambus could have reasonably foreseen litigation against Hynix as early as 1998, and that therefore Rambus engaged in willful spoliation during the three “shred days” (a finding of spoliation can be based on inadvertent destruction of evidence as well). Because of this recent spoliation ruling, the Judge reduced the prior Rambus award from $397 million to $215 million, a cost to Rambus of $182 million.

Another well know example of sudden retention/disposition policy activity that caused unintended consequences is the Arthur Andersen/Enron example. During the Enron case, Enron’s accounting firm sent out the following email to some of its employees:

 

 

This email was a key reason why Arthur Andersen ceased to exist shortly after the case concluded. Arthur Andersen was charged with and found guilty of obstruction of justice for shredding the thousands of documents and deleting emails and company files that tied the firm to its audit of Enron. Less than 1 year after that email was sent, Arthur Andersen surrendered its CPA license on August 31, 2002, and 85,000 employees lost their jobs.

Learning from the Past – Defensible Disposal

These cases highlight the need for a true information governance process including a truly defensible disposal capability. In these instances, an information governance process would have been capturing, indexing, applying retention policies, protecting content on litigation hold and disposing of content beyond the retention schedule and not on legal hold… automatically, based on documented and approved legally defensible policies. A documented and approved process which is consistently followed and has proper safeguards goes a long way with the courts to show good faith intent to manage content and protect that content subject to anticipated litigation.

To successfully automate the disposal of unneeded information in a consistently defensible manner, auto-categorization applications must have the ability to conceptually understand the meaning in unstructured content so that only content meeting your retention policies, regardless of language, is classified as subject to retention.

Taking Defensible Disposal to the Next Level – Predictive Disposition

A defensible disposal solution which incorporates the ability to conceptually understand content meaning, and which incorporates an iterative training process including “train by example,” in a human supervised workflow provides accurate predictive retention and disposition automation.

Moving away from manual, employee-based information governance to automated information retention and disposition with truly accurate (95 to 99%) and consistent meaning-based predictive information governance will provide the defensibility that organizations require today to keep their information repositories up to date.

Defensible Disposal means never being accused of spoliation for hosting “Shred Days”

Aside Bill Tolson Information Governance , , , , , , , ,

U.S District Judge Ronald Whyte in San Jose reversed his own prior ruling from a 2009 case where he issued a judgment against SK Hynix, awarding Rambus Inc. $397 million in a patent infringement case. In his reversal this month, Judge Whyte ruled that Rambus Inc. had spoliated documents in bad faith when it hosted company wide “shred days” in 1998, 1999, and 2000. Judge Whyte found that Rambus could have reasonably foreseen litigation against Hynix as early as 1998, and that therefore Rambus engaged in willful spoliation during the three “shred days” (a finding of spoliation can be based on inadvertent destruction of evidence). Because of this recent spoliation ruling, the Judge reduced the prior Rambus award from $397 million to $215 million, a cost to Rambus of $182 million.

Two questions come to mind in this case; 1) why did Rambus see the need to hold “shred days”?, and 2) did they have an information governance policy and defensible disposal process? As a matter of definition, defensible disposal is the process (manual or automated) of disposing of unneeded or valueless data in a way that will standup in court as reasonable and consistent.

The obvious answer to the second question is probably not or if yes, it wasn’t being followed, otherwise why the need for the shred days? Assuming that Rambus was not destroying evidence knowingly; the term “shred-days” still has a somewhat negative connotation. I would think corporate attorneys would instruct all custodians within their companies that the term “shred” should be used sparingly or not at all in communications because of the questionable implications.

The term “Shred days” reminds many of the Arthur Andersen partner who so famously sent an email message to employees working on the Enron account, reminding them to “comply with the firm’s documentation and retention policy”. The Andersen partner never ordered the destruction or shredding of evidence but because anticipation of future litigation was potentially obvious, the implication in her email was “get rid of suspect stuff”. The timing of the email message was also suspect in that just 21 minutes separated Ms. Temple’s e-mail message to Andersen employees on the Enron account about the importance of complying with the firm’s document retention policy from an entry in a record of her current projects in which she wrote that she was working on a case involving potential violations of federal securities laws.

The Rambus case highlights the need for a true information governance process including a truly defensible disposal strategy. An information governance process would have been capturing, indexing, applying retention policies, protecting content on litigation hold and disposing of content beyond the retention schedule and not on legal hold… automatically, based on documented and approved legally defensible policies. A documented and approved process which is religiously followed, and with proper safeguards goes a long way with the courts to show good faith intent to manage content and protect that content subject to anticipated litigation.

Can you wipe your twitter ramblings, and should you?

Bill Tolson Information Governance, Social Media , , , , , , ,

In December of 2011, the Library of Congress and Twitter signed an agreement that will eventually make available every public Tweet ever sent as an archive to the Library of Congress.

While writing a blog post last week, I began  to wonder how long all my twitter postings would be available and who could look at them. For the fun of it, I went back through approximately 6 months of my old twitter postings, re-tweets and replies (yes you can do it, it’s relatively easy and you can look at anyone’s).

 I’ve been pretty good about keeping my twitter posts “business-like” and have steered away from personal stuff like “I just checked in to the Ramada Inn on route 11…can’t wait for the evening to begin!”, or “does anyone know how to setup an off-shore bank account?” or “those jerks over at Company ABC are a bunch of losers”.  But many tweeters aren’t so disciplined and have posted stuff that could come back to haunt them later. I could imagine a perspective employer reviewing a candidate’s twitter history or even worse an attorney conducting research for a case using the public twitter archives to create a timeline.

With that in mind, could you delete your twitter postings and should you? Twitter does allow you to delete specific tweets one at a time but as far as I can determine, Twitter does not give you the ability to delete your entire twitter history short of deactivating your account. From the Twitter website:

How To Delete a Tweet

If you’ve posted something that you’d rather take back, you can remove it easily. When you hover over your Tweet while viewing your home or profile page, you’ll see a few options appear below the message.

To delete one of your Twitter updates:

  1. 1.       Log in to Twitter.com
  2. 2.       Visit your Profile page
  3. 3.       Locate the Tweet you want to delete
  4. 4.       Hover your mouse over the message (as shown below), and click the “Delete” option that appears

Voila! Gone forever… almost. Deleted updates sometimes hang out in Twitter search. They will clear with time.

We do not provide a way to bulk delete Tweets. If you’re looking to get a “fresh start” on your Twitter account without losing your username, the best way to do this is to create a temporary account with a temporary username, and then switch the username between your current account and the temporary account. Please see our article on How to Change Your Username for more info. 

On December 30, 2011, CNET published a story titled “How to delete all your tweets” which highlighted a product called TwitWipe. TwitWipe is a free tool that allows you to delete ALL your past tweets in one fell swoop. This may be handy because you can clean out your twitter account and start fresh without changing your username and dumping all your hard won followers.

This is an interesting capability but I think the more important question is why would you use this drastic of a step? The four most obvious reasons one would want to delete all their twitter postings and start fresh would be:

1.       You went through an unfortunate period in your life that you would rather forget

2.       You were regularly conducting criminal activities through your Twitter account

3.       You are considering a run for the presidency

4.       For whatever reason, you don’t want your twitter postings archived and available at the Library of Congress

The ability to delete ESI can be dangerous if done at the wrong time, especially if civil litigation is anticipated. Deleting a single tweet or every tweet you have ever posted can be construed as destruction of evidence if those tweets could have been relevant in litigation. ESI, no matter its format or where it’s stored, is potentially evidence  and should be at least considered when protecting ESI for litigation hold. Attorneys on both sides need to include social media content like twitter postings in their eDiscovery plans and be sure to warn all custodians about deleting/editing  social media content once litigation is anticipated.

Spoliation of the Facebook Timeline

Bill Tolson Information Governance, Social Media , , , , ,

In a previous posting, I described the new feature in Facebook called “frictionless sharing”, a Facebook feature that will make sharing even easier by automatically sharing what you’re doing on a growing community of Facebook-connected apps. Potentially everything you do on the web could be shared on a timeline with your “friends” and any others (like attorneys) that get access to your page based, for example, on a Judge’s order for discoverable information.

The USA Today Tech section published an article titled “Facebook Timeline a new privacy test” a couple of days ago that got me thinking. From the USA Today article:

Up until now, Facebook accounts have focused on the most recent posts. With the new profile format, the most recent Facebook activities will be at the top. But as users go back in time, Timeline will summarize past posts — emphasizing the photos and status updates with the most “likes” or comments.

“A lot of people just don’t realize how much information they’ve shared in the past.”

This new timeline feature that takes much of what you have done on the internet and neatly organizes it into a timeline is a perfect target for eDiscovery. This brings up two questions; can you edit or hide items on your timeline and can you permanently delete data from your Facebook timeline? These two questions also highlight another question…if you edit your Facebook account and or remove something from your timeline, could that be considered spoliation in a legal proceeding?

Before I address the spoliation issue, let me address the first two questions.

1. Can you edit or hide items on your timeline? The answer is yes you can. From the Facebook help center:

How do I remove a story from my timeline?

You get to decide which stories appear on your timeline. Hover over a story on your timeline to see your options:

  • (Feature on Timeline): This allows you to highlight the stories you think are important. When you star a story, the story expands to widescreen. Starred stories are also always visible on your timeline.
  • (Edit): This gives you the option to:
  • Hide from Timeline: This removes stories from your timeline. Note that these stories will still show up in your activity log, which only you can see. They also may appear in your friend’s News Feeds.

Depending on the type of story (ex: status update, check-in, tagged photo), you may also have the option to:

    • Change the date of a story (ex: for an old photo, you can enter the date the photo was taken so it shows up in the right place on your timeline)
    • Delete a post (that you posted)
    • Report a post or mark it as spam (that someone else posted)

    You’ll notice there isn’t a “delete” capability in the edit function.

    2. Can you permanently delete timeline data from your Facebook account? As far as I can tell you can. In Facebook there is a feature called the “activity log” that is a record of all of your activity on Facebook. From the Facebook help center:

    What is the activity log?

    The activity log is a record of all of your activity on Facebook. So if you hide a story from your timeline, this story will still appear in your activity log. Your activity log is only visible to you. However, all of the stories in your activity log are eligible to appear on your timeline (unless you hide them from your timeline) or in your friend’s News Feeds.

    The stories in your activity log are organized by the date they happened on Facebook. You can access your activity log by clicking the View Activity button on your timeline.

    From the activity log you can:

    • Scroll through a history of all of your activity on Facebook
    • View and approve your pending posts
    • Filter the type of activity you see (ex: see all of your status updates or all of the links you’ve shared)
    • Choose which stories are featured on your timeline

 

  • You can also click the button to the right of each story. Depending on the story type (ex: status update, photo, app story), you may have the option to:
    • See the audience you shared
    • Delete posts
    • Report a post or mark it as spam
    • Change the date of a story
    • Remove an app from your account

    So you can potentially delete items from your timeline… So this brings up my question on spoliation of the Facebook timeline; what, if anything, do organizations have to do to safeguard against altering the organization’s or employees personal Facebook timelines if pending litigation is foreseeable?

    Obviously the Facebook timeline is potentially discoverable depending on the circumstances of the case. Organizations need to include the Facebook timeline in their litigation hold/eDiscovery process and to inform impacted employees of their responsibilities to protect potentially responsive information from within all of their personal accounts that could hold relevant ESI including the Facebook timeline data.

    As a side note, it’s always a good practice to regularly remind employees not to mix business ESI with their personal accounts.