E-Discovery & Fraud Mitigation

One of our fellow Chapter members currently finds himself consumed by a complex examination involving e-discovery issues. It seems the case involves the production to the court by our member’s client of all the e-mails of 20 named employees directly or indirectly involved in a suspected fraud over a three-year period. Needless to say, the client organization, a medium-sized company with outsourced administration of its IT to the cloud, is struggling to comply within the court’s strict timeframe.

The U.S. court system’s Federal Rules of Civil Procedure (FRCP) have required for the last decade or so that any enterprise that might find itself involved in litigation in federal court must maintain electronic records. The general term “electronically stored information” (ESI), as applied to today’s vast array of electronically generated documents, encompasses more than just the simple fact of storage and retention; it extends to the requirement that the ESI generated by an enterprise is also secure and protected from unauthorized access, use or destruction. Further, the FRCP rules require that company attorneys and IT managers be able to clearly demonstrate to the court how ESI is stored, the company procedures established to manage, control, protect and retrieve it under court order, and the policies governing its retention. If all that weren’t enough for any organization, the rules require evidence of an established history (and an implementation routine) for any deletion of our client company’s ESI. Feigned ignorance and plausible denial of the requirements are not tolerated and can lead to heavy fines and penalties.

Two important concepts involving ESI have complicated the case of our member’s client: hold management and spoliation. Hold management refers to the company’s ability to effectively respond to a legal action. Once an enterprise is notified of a legal action, all records that may relate to that action are placed on legal hold; they may not be destroyed or altered and their profile information may not be modified. They must be protected from destruction until the hold is lifted by the court. Our member’s client, in the normal course of business, had overwritten a number of relevant employee e-mails in the understandable effort to make room for new data on its e-mail server.

As a consequence, and to make matters worse, during the legal process the client firm also found itself potentially guilty of spoliation of evidence. Spoliation of evidence refers to the willful destruction of evidence that’s germane to the case in litigation, and this includes destruction of ESI. Spoliation is an issue fraught with complication in our cloud-based world; given the volume of electronic documents created in virtually every business today, it’s necessary to delete, archive and overwrite documents in the routine and normal course of business. Indeed, many client companies have existing data management systems and/or data retention policies in place which mandate deletion on a regular basis. That’s exactly the case with our member’s client.

Fortunately for the client, it had a formally documented, board-approved data retention policy in place. Section 26(f) of the FRCP provides for a safe harbor against sanctions being imposed in the event that electronic information might be lost under the “routine good faith operation” of such a data management system or data retention policy as the client’s. It’s important to emphasize, however, that this amendment doesn’t provide a shield for any party that “intentionally” destroys specific information due to its relationship to litigation, or for a party that allows such information to be destroyed in order to make it unavailable to discovery by exploiting the routine operation of an information system.

As a component of our routine fraud risk assessments, we need to point out to our clients, in light of the variety and volume of the communications that pass through their organizations each day, the absolute necessity for a viable, well-thought-out, and fully tested document management program covering communications data currently at rest in all media. But it isn’t enough to simply have a plan. The fraud risk assessment tests the likelihood of the occurrence of differing fraud scenarios and tries to propose countermeasures. Part of the ongoing testing of scenarios should be testing of the data management plan’s capacity to specifically handle the data demands of the litigation process. This should even include the evaluation of systems as sources of ESI containing older information; if such information can’t be assessed reasonably and at reasonable cost, a determination should be made (and documented) as to whether the data should be retained.

In the case of fraud, we know it’s not a question of “if” but “when”. We should recommend, as a component of the fraud prevention program, that the client periodically conduct benchmarking exercises using the enterprise’s data retrieval tools of choice against all the client’s varieties of ESI to establish ease-of-retrieval metrics. These types of metrics establish the time frames and costs of searching various electronic communications source systems under various fraud scenarios and their related parameters. For example: how long will it take to gather all the internal communications having to do with the introduction of a customer service that’s the subject of litigation involving deceptive advertising practices? What are the costs involved in producing all communications involved with a significant management financial fraud? The point is that repeatable data recovery processes that have been periodically tested under a schedule and found to reliably return actionable, sought-after records can be a significant key to the successful negotiation of e-discovery requests, as well as significantly reduce the costs associated with fraud mitigation, litigation and loss recovery.
