Migrated from eDJGroupInc.com. Author: Greg Buckles. Published: 2010-08-11 06:00:00Format, images and links may no longer function correctly. Elbow deep in a recent engagement, it occurred to me just how fragile most legal holds really are. A couple years back, one of my friends on the speaking circuit introduced me to a case that seemed to say that hold notification without some kind of verification process was insufficient effort. The case is In re HAWAIIAN AIRLINES, INC., Debtor. HAWAIIAN AIRLINES, INC., Plaintiff, vs. MESA AIR GROUP, INC., Defendant. Case No. 03-00817, Chapter 11, Adv. Pro. No. 06-90026, Re: Docket No. 373 UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF HAWAII 2007 Bankr. LEXIS 3679. The spoliation memo is located here. The lesson that I took away from Mesa’s experience with their data deleting executive was to notify then verify. That was a good starting point, but now I realize that this lesson extends beyond the matter level preservation requirements to include a company’s retention process.
Caselaw, Sedona Conference Commentaries and every other authoritative source is clear on the need to document your reasonable efforts to notify potential custodians and the system administrators who manage the business systems. Clients frequently ask, “How far do we have to go?” Unfortunately, the answer is, “As far as it takes for counsel to be satisfied that we have made a reasonable effort.” So what happens when you have a custodian who completely ignores the notice and deletes ESI? If you discover the transgression, take corrective actions and disclose the details accompanied by proof that this was an isolated incident then you should have a decent chance of dodging sanctions. If this was your key witness, then you may be in for a rough ride.
When assessing a corporate retention program, I immediately look for the enforcement and verification mechanisms. These are the key to demonstrating a consistent, effective destruction of non-record ESI. The creation of a retention schedule just creates your theoretical rules. It states the end goal, but a court will want to see the documented plan that explains how ESI will be classified, retained and eventually destroyed. Policy without practical enforcement is effective corporate information anarchy. Inconsistent retention practices destroy your arguments for declaring backup systems “inaccessible”. If users can systematically disregard your policies without being detected and corrected, then you might as well not have any policy. Every case and company is unique, but if you want to keep one bad apple from spoiling your case you should be prepared to show that your bad actor was the exception rather than the rule.