Charting a safe course through the rising tide of information is a constant battle for organizations. Not only are the costs and logistics associated with data storage more demanding than ever, but so are the potential legal consequences. For many companies, it seems that there are no ports of call from the stormy seas created by the data explosion and resulting e-discovery Bermuda Triangles.
Nevertheless, enterprises seeking to minimize litigation risks and reduce operating expenses can find refuge from these tempests in the Federal Rule of Civil Procedure 37(e) “safe harbor” provision. Rule 37(e) is designed to protect organizations from sanctions when their computer systems automatically destroy or delete email, archival data, and other electronically stored information (ESI). This provision typically applies when companies, acting in good faith, allow the routine and normal operation of their automated systems to overwrite or delete such data.
Cooperation between legal and IT naturally leads the organization to establish records retention policies, which carry out the key stakeholders’ decisions on data retention. Such policies should address the particular needs of an organization while balancing them against litigation requirements. Not only will that enable a company to reduce its costs by decreasing data proliferation, it will minimize a company’s litigation risks by allowing it to limit the amount of potentially relevant information available for current and follow-on litigation.
These defensible deletion goals are not overly idealistic. As an example of an organization that “got it right,” the recent case of Viramontes v. U.S. Bancorp is particularly instructive. In Viramontes, the defendant bank defeated a sanctions motion due to the effective procedures that enabled its defensible deletion strategy. The bank implemented a retention policy that kept emails for 90 days, after which the emails were overwritten and destroyed. The bank also promulgated a course of action whereby the retention policy would be promptly suspended on the occurrence of litigation or other triggering event. Because the bank followed reasonable, effective and good faith procedures, it reduced a stockpile of email and was protected from potential sanctions by the Rule 37(e) safe harbor provision.