Companies that engage in "forensic discovery" are proliferating. These companies get paid to examine computer information and recover electronic data supposedly "deleted". Contrary to popular belief, e-mails and other data do not vanish into thin air with a stroke of the "delete" key. Rather, deleting merely instructs the computer that it is free to write over the hard disk containing that particular document or data. Depending on the size and use of the computer system, it may take weeks or even months to overwrite that space. In addition, the "deleted" file may have been backed up by network administrators several times before it is finally overwritten on the local computer, so the file may exist in several other places as well.
Courts are hitting businesses with sanctions when electronic data has been destroyed or when companies claim not to possess certain information and find out later the information existed on back-up tapes or elsewhere. In addition to monetary sanctions, penalties can include a jury instruction that the evidence was not preserved because it was not favorable to the party's position or even, in extreme cases, entry of judgment for the other party.
A frequent question is, "How do I protect my business?" While nothing can prevent all potential problems, there are several steps that can reduce your chances of encountering a litigation discovery nightmare. If your company uses the Internet and electronic communications, you should consider having a policy concerning use by employees. Following are some of the issues the policy can address:
- the extent of usage allowed -- i.e., restrictions on the use of e-mail and the Internet;
- ownership of the employer's computer, technology and communications system, including e-mail and the Internet;
- expectations of privacy (or lack thereof) for e-mail messages and Internet use;
- the right to monitor use of e-mail and the Internet; and
- inappropriate use of e-mail and the Internet under the company harassment and other policies.
In order to ensure compliance, you should communicate or disseminate policies directly to employees, and employees should sign an acknowledgment that they read, understand, and agree to abide by the policy and its terms. You need to be proactive with electronic data. A carefully crafted and properly implemented policy is insurance against future problems.