Welcome to Module 2-H.
Surveys Shows Negligent e-Records Management Is Creating “Stunning Business Risks” and a Case in the Supreme Court Proves It.
A survey of records managers by Cohasset reveals continued neglect in the management of electronic records. The survey shows 40% of organizations do not include electronic records in their retention schedules and 55% do not include emails; only 14% always follow their records retention policy; 44% do not include electronic records in their litigation hold procedures; and, 46% do not think their electronic records are accurate, reliable or trustworthy. This modules analyzes the study and what it means. It also examines the Quon decisions by the Ninth Circuit and Supreme Court as an example of the trouble that can be caused by poorly enforced computer use policies.
The statistics in the records manager survey are amazing to me, especially when you consider this survey is limited to those organizations with full time professional records managers. It is reasonable to assume that the statistics are far worse for companies that do not have a records management department. The bottom line of the study in my view is that:
The majority of organizations are not prepared to meet many of their current or future compliance and legal responsibilities.
The outstanding challenges associated with the management of electronic information assets have the potential to be devastating in terms of costs, professional careers, and even corporate reputations.
The number and magnitude of organizational and operational problems reflected in the survey findings collectively represent stunning business risks.
The integration of electronic records into the organization’s records management program should be a priority, and electronic records control gaps should be the focus of immediate corrective action.
In a hopeful sign for the future, the survey shows that senior management of corporations and governmental entities are beginning to understand the consequences of this neglect, and take steps to resolve it. Also, believe it or not, the survey shows improvement from prior years.
This work has a high degree of credibility and should be a wakeup call for corporate America. It was co-sponsored by the leading professional associations in this area, ARMA (Association of Records Managers and Administrators) and AIIM (Association of Information and Image Management, a/k/a Enterprise Content Management Association). A white paper entitled Call for Collaboration, by Robert F. Williams and Lori J. Ashley, reports on the survey. It was based on information from more than 1600 respondents in 2007, and a total of more than 5500 respondents in the survey’s four prior years – 1999, 2001, 2003 and 2005.
Although much of the report is written in polite and correct jargon, it does not mince words as to the significance of most organizations’ failure to have a functioning litigation hold procedure:
The indisputable fact: an extraordinary number of organizations are negligent with regard to a formal system to ensure records hold orders are successfully administered. For any organization which is the likely target of litigation or regulatory inquiries, the absence of a formal plan to respond to discovery requests must be considered an unacceptable risk. Not having such a system is a legal land mine waiting for detonation. Where there is no formal system for records holds orders in their organizations, records management professionals need to work aggressively with their legal colleagues to correct this significant deficiency.
Another interesting finding is that most IT departments administer electronic documents, but they have no understanding of the basic premise of records management, that all records should have a “life cycle.” That is, they are born, have a useful life of some duration appropriate for the type of record involved, and then die. In other words, records are only supposed to be retained for as long as they are needed to meet the organization’s legal and business requirements. After that, they are supposed to be destroyed, or in some rare instances, like with historical documents, archived for preservation.
The survey shows IT has no clue about “records life cycle” (or at least that is what the records managers think). For this reason, IT tends to treat all electronic records like the original paper Constitution. They try to archive everything so that it will last forever, usually in multiple, ever spreading copies. They tend to backup and preserve electronic records forever, or at least for as long as the latest technology permits, and are lax in the destruction of records. IT fears that the day after they destroy a record someone in senior management will have a rush demand to retrieve it. The mistaken desire for immortal records has had draconian consequences well described in this report:
Higher Storage Costs – If electronic records are retained without a clearly defined disposition trigger (as determined by an organization’s retention schedules), the volume of records will grow rapidly and that growth will be mirrored in the cost for electronic records storage.
Greater Discovery Costs – Since unnecessarily retained records can be the subject of legal discovery, the costs associated with producing records that should have been destroyed are totally unnecessary expenses.
Unwittingly Assisting Plaintiffs – Unnecessarily retained records can be used against the organization in future litigation. This is potentially the most significant cost.
In line with one of the fundamental premises of this course, the authors of this report recommend that senior management begin to address these problems by forming a:
cross-functional Team (business, legal-compliance, IS/IT, records management) and collaborative approach to ensure an integrated and sustainable records management program.
The advice to in-house counsel is similar. They recommend that the legal department:
Establish an ongoing interactive relationship with IS/IT and records management regarding the organization’s management of its valued information assets, especially electronic records.
I could not agree more. The “stunning business risks” created by the negligent management of electronic records is a high priority problem. It is too big and too complicated a problem for any one branch of a large organization to solve on its own. It is time for the legal departments, IT, records management and operations management to stop working in isolation. They have to work together on this common task. Every study seems to reach this same conclusion. Only an interdepartmental approach will succeed to fix this interdepartmental problem. Companies have to begin by forming, and empowering, a cross-functional Team with members from each department, what I call an “e-Discovery Team.” Only an e-Discovery Team can possibly clear the “legal land mine waiting for detonation” which was uncovered by this study, and many others like it.
Another Survey of IT Departments Shows They Are Unprepared Too
A November 2006 survey by Computerworld indicates that most companies are not prepared for the rule change. The popular magazine reports that a survey of 170 IT managers and staffers showed: 32% were not prepared at all; 6% somewhat unprepared;4% halfway prepared; 11% somewhat unprepared; 5% completely prepared; while a whopping 42% said they did not know the status of any preparation efforts. My guess is that most who said they did not know are in fact unprepared. This means the vast majority of IT departments, perhaps as high as 80%, are not ready for e-discovery. The follow-up question seems to confirm that.
The magazine then asked IT if they knew who was in charge of preparing for e-discovery: 35% did not know; 27% said no one; 20% said IT; only 8% said in-house legal counsel; 5% the compliance department; with the last 5% saying other.
That eight (8%) percent figure is surprising. You would think that the legal departments would have a bigger presence. It does not say the size of the companies polled. I would suspect many were small to midrange, with limited in-house legal staffs. Regardless, this survey confirms the suspicions of many commentators that corporate America is still not prepared to respond to electronic discovery, and that disastrous, Coleman v. Morgan Stanley type e-discovery cases are likely to continue for many years to come.
A Supreme Example of What Can Go Wrong When an Organization Does Not Have a Good e-Records Retention Policy or Computer use Policy
The case of Quan v. Arch Wireless, 529 F.3d 892, 2008 WL 2440559 (9th Cir., June 18, 2008) provides a excellent, and fairly common example of what can happen when an employer, a city in this case, does not have or enforce electronic records and computer use policies. It is a supreme example because the Supreme Court accepted the appeal of the Ninth Circuit opinion. The Ninth had upheld employee privacy rights in part based on the cities policies.
The facts of this “sexting” case are interesting. It involves a swat team police officer who sent many, many sexually explicit text messages to his wife, and to his mistress. Not only that, he did this “sexting” during work hours using a pager issued to him by his employer, the police department. The pager was intended for emergency communications. Some emergency!
In spite of these facts, the Ninth Circuit held that a public employee has a reasonable expectation of privacy to text messages and emails, and found unlawful search and seizure by the employer. The police department had read the text messages on its pager in connection with an audit for text message over-charges, and this lead to disciplinary action against the swat team officer. The police department employer had relied upon its formal computer use policies and procedures, to which the officer had signed a written acceptance, to try to justify its actions. The policy clearly stated that there was no privacy for any electronic messages at work, including email and text messages.
The Ninth Circuit indicated that it would have enforced these policies, but for the fact that the employee’s supervisor had implemented a different informal policy causing the swat team officer to have a reasonable expectation that his text messages would not be reviewed. The court held that the “operational reality” trumped the “formal written policies.” For this reason, the employer’s review of the employee’s text messages violated the employees privacy rights, and that of his wife. This appeal was accepted by the Supreme Court who later reversed in a narrowly crafted opinion.
SUPPLEMENTAL READING. Read the Quon opinion by the Ninth Circuit. Quon v. Arch Wireless Operating Co., 529 F.3d 892 (9th Cir. 2008). Also read the transcript of the oral argument to the Supreme Court and the final Supreme Court opinion. What language change in the employer computer use policy might have changed the outcome of the Ninth Circuit opinion? the Supreme Court opinion? What was the question or comment in the oral argument to the Supreme Court that you think demonstrated the greatest lack of understanding of the technology facts of the case?
EXERCISE: An interesting exercise is to ask the e-discovery vendors and attorneys you know what their take-away is on the Supreme Court’s Quon opinion and its impact on e-discovery. I bet you get a lot of different answers, including what is the Quon opinion.
NON-MANDATORY ADDITIONAL READING: Find an article in ARMA, AIIM, or in ComputerWorld, that was written in the last twelve months and pertains in some way to Information Governance and e-discovery. While you are at it, check out the IGI, and see if you understand what this initiative is all about? Are you aware of the generational gulf in the Information Governance world, and why most old-liner disagree with Losey’s positions on IG?
Students are invited to leave a public comment below. Insights that might help other students are especially welcome. Let’s collaborate!
Copyright Ralph Losey 2015