When I present on e-discovery, I often use EDRM’s Electronic Discovery Reference Model to explain how decisions made about the creation, storage and deletion of electronically stored information (ESI) can affect how e-discovery is conducted in a lawsuit. The EDRM model illustrates how a company’s records and information management policies can impact the volume of ESI that may be relevant in a case, and how this volume can impact the overall cost of e-discovery.
Records retention policies that are carefully thought out and followed by a company can lower the volume of ESI that needs to be preserved, collected and reviewed during litigation, and also can reduce the risk of keeping records that the company no longer needs and carry inherent risks, such as documents with personally identifiable information. If a company is not making decisions about records retention at the organizational level, then it is leaving it up to individual employees to make ad hoc decisions about what is kept and deleted, and is likely increasing its long-term legal risks and costs.
An essential part of an effective records retention policy is the defensible deletion of data. Defensible deletion refers to the process of disposing of information that is no longer needed for business or legal reasons within the framework of an overall information governance strategy.
A recent federal court decision is a good example of how a company can defensibly delete data that it no longer needs. In In re Pradaza (Dabigatran Etexilate) Products Liability Litigation, the plaintiffs in a multi-district litigation (MDL) action involving the medication Pradaxa filed a motion a compel the production of the emails and documents of the defendant’s former vice president of marketing. The plaintiffs also sought an adverse inference jury instruction for spoliation to the extent that the defendant had destroyed those emails and documents.
There was “no question” that the former vice president’s documents would have been relevant to the MDL action. The defendant, Boehringer Ingelheim Pharmaceuticals, Inc. (BIPI), explained, however, that it no longer had these documents because they were destroyed in accordance with the company’s records retention policies.
After holding a hearing on the motion, the trial court concluded that BIPI destroyed the former vice president’s documents pursuant to its document retention policies and that BIPI was not under a duty to preserve these documents for the current MDL action when BIPI acted according to its policies. Accordingly, the court held that BIPI did not spoliate evidence and that the plaintiffs were not entitled to an adverse inference instruction. In re Pradaxa (Dabigatran Etexilate) Products Liability Litigation, MDL No. 2385, slip op. at 7-8 (S.D. Ill. Sept. 25, 2013).
Records retention policies
BIPI presented evidence showing that when an employee leaves his or her employment with BIPI “the company’s document retention policy is to leave all of the employee’s email, user share and hard drive documents in place until 30 days after the employee’s final day with BIPI. After those 30 days, the documents are deleted” unless the documents are subject to an existing litigation hold. “When a litigation hold is released, [BIPI’s] document retention policy is to delete all documents maintained exclusively under the hold within 24 hours.”
Plaintiffs nonetheless argued that the court should not consider these policies because they conflicted with other document retention policies disclosed by BIPI during discovery. The court rejected plaintiffs’ argument and found that BIPI’s policies relating to the storage of Microsoft Office email communications and related documents for current employees did not necessarily conflict with BIPI’s policies with regard to the documents of former employees and litigation hold documents.
Destruction of emails and documents
BIPI’s former vice president of marketing began working at BIPI in May 2009 and left his employment in August 2011. In accordance with BIPI’s document retention policy, the former vice president’s emails and documents would have been deleted 30 days after his employment ended (i.e., Sept. 25, 2011). However, because the former vice president was subject to a litigation hold in another case, BIPI did not delete his documents until Nov. 22, 2011 — the day after the other case was settled and the hold in that case was lifted.
BIPI still had the former vice president’s personnel file and disclosed the file’s existence to the plaintiffs. Moreover, the former vice president identified approximately 40 emails he sent or received from his personal email account which referenced Pradaxa.
Duty to preserve
The parties argued about what legal standard the court should apply to determine when a duty to preserve is triggered before a lawsuit is filed. BIPI argued that the duty to preserve arises when a litigant knows or should know that litigation is imminent. Plaintiffs disagreed, arguing that imminence is not required. According to the plaintiffs, the duty to preserve is triggered when a litigant knows or should know that litigation is reasonably foreseeable.
Applying the “reasonable anticipation” standard, the plaintiffs contended that certain events, taken together, triggered a duty to preserve before BIPI destroyed the documents in November 2011. Plaintiffs relied on the existence of two lawsuits relating to the clinical trials of Pradaxa, adverse incident reports and safety alerts from the FDA, a series of privilege log entries pre-dating November 2011 and “Internet chatter.”
BIPI argued in opposition that its duty to preserve arose no earlier than Feb. 1, 2012, when BIPI received the first demand letter relating to the use of Pradaxa. In response to the demand letter, BIPI put a litigation hold in place on Feb. 15, 2012.
The court ruled that “at least in the Seventh Circuit” the duty to preserve is triggered only when a litigant knows or should know that litigation is imminent, but that it did not matter whether the court applied the “reasonable anticipation” standard or the “imminent litigation” standard to the dispute before it. Under either standard, the court found that BIPI had no reason to anticipate litigation in November 2011 when BIPI destroyed the documents pursuant to its records retention policies.
Even though the court ruled in BIPI’s favor, I suppose one could point to the decision as an example of why there is still much uncertainty about the timing and scope of the duty to preserve and why as a result some companies do not routinely delete ESI as part of an overall records retention policy. BIPI still had to incur the cost of opposing the plaintiffs’ motion to compel and also bore the risk of spoliation based on the court’s finding of when the duty to preserve arose in the MDL action. This is an understandable viewpoint, but not reason enough to justify holding onto all ESI forever.
Because of the long-term costs and risks of keeping records that no longer have any value and leaving retention decisions up to individual employees, companies should consider implementing a defensible deletion strategy that includes at least these steps:
- Forming an interdisciplinary team that involves key stakeholders from IT, records, legal, compliance, data security/privacy, HR and the business units;
- Understanding what data the company is creating and storing and why;
- Categorizing data based on its content and not just based on the type and location of data;
- Creating written records and information retention policies that are built around the company’s business and legal needs and requirements;
- Keeping policies up to date and making sure the policies account for the company’s use of the cloud and social media, regulatory changes and other data policies, such as BYOD and data privacy/security;
- Developing litigation hold and release procedures;
- Educating employees on the company’s policies and providing guidance to them on what they should keep and what they should delete;
- Auditing the implementation of existing policies;
- Using technology to assist in the categorization, storage and deletion of data; and
- Following the company’s records and information retention policies and documenting actions taken and decisions made pursuant to these policies.