A Call to Arms: Why Local Governments should Embrace e-Policy

INTRODUCTION

This paper offers reasons why local governments should consider adopting policy in response to the Federal Rules of Civil Procedure (FRCP) as amended in 2006 to deal with the discovery (e-Discovery) of electronically stored information (ESI). While FRCP was overhauled again in 2010, this paper concentrates on the original amendments of 2006 to narrow the focus to ESI and e-Discovery.

Though ESI, e-Discovery, and FRCP affect any organization, public or private, the following discussion will focus primarily, but not solely on local government. Additionally, we will explore legal consequences of not having sufficient policy in place by looking at recent court cases.

Related terms and definitions may be found in the appendix.

ALPHABET SOUP

SOX, HIPAA, GLBA, FRCP, OSHA, ERISA… local governments are awash in an alphabet soup of federal regulations, which can force localities to adopt policies and enact ordinances to ensure regulatory compliance. Of all the federal regulations with which local governments must contend, perhaps none are as potentially insidious or as costly to comply with as the Federal Rules of Civil Procedure (FRCP) as amended in 2006 to deal with the discovery of ESI. Specifically, FRCP “govern the conduct of all civil actions brought in Federal District Courts”[1], while the amendments of 2006 address “digital email and data archiving and monitoring”[2]. Furthermore, it is interesting to note that since 2006, “more than 50 court opinions on electronic discovery have been issued”².

Obviously, the FRCP amendments of 2006 are not intrinsically insidious, but until a locality becomes the target of a federal lawsuit, it may not be fully aware of the need for policy to manage electronically stored information. Unfortunately, by the time a federal lawsuit is brought against a locality, lack of awareness or preparedness is no excuse as far as the courts are concerned.

Additionally, requirements for the discovery of electronically stored information may impose new costs on local governments in the following ways:

(1) Development of policies and procedures to manage the lifecycle of ESI.

(2) Technology and staff to help manage the lifecycle of ESI and enforce policies.

(3) Management to bring departments into compliance under a set of unified policies.

(4) Identification of sources of ESI enterprise-wide.

(5) Ongoing education of employees as to responsibilities for the handling of ESI.

Local governments are under additional burdens as mentioned in Kara Millonzi’s booklet on e-Discovery: [3]

· “Lack of Resources” due to budgetary constraints or the lack of political will “to expend available resources”.

· “Public Records Requirements” that create “indirect costs or the personnel costs associated with searching for, retrieving and copying the requested records”.

As costly as full compliance with the amendments of 2006 may be, costs may pale in comparison to litigation costs if an organization is not prepared to address e-Discovery in response to a federal lawsuit. Consider, for example, the case of Murphy Oil v. Fluor Daniel from 2002. During discovery, it came to light that Fluor Daniel had not enforced its own e-Mail destruction policy and that a number of years of e-Mail were available that should not have been had the policy been enforced.[4] Murphy Oil sued for the recovery of e-Mail and the court compelled Fluor Daniel to produce the e-Mail.4 Fluor Daniel calculated the recovery cost to be $6.2M dollars.4 In the end, the court shifted the cost of ESI recovery to the requestor, Murphy Oil, citing court analysis in the case of Rowe Entertainment, Inc. v. William Morris Agency from 2002 as the reason for making the requestor bear the cost of e-Discovery.4

In Rowe Entertainment v. William Morris, “black concert promoters” alleged that they were locked out of events involving “white [music] bands”, claiming “discriminatory and anti-competitive practices” on the part of the William Morris Agency.[5] To decide cost-shifting, the court considered eight factors such as how specific discovery requests were; whether the information was available “from other sources”; total cost; and “the resources available to each party”.5 As to the specificity of the requests, for example, the court reasoned that the “less specific the requesting party's discovery demands, the more appropriate it is to shift the costs”5 to the requestor, which was the final decision of the court.

Since 2002, the pendulum has swung the other way such that today, “the presumption under FRCP is that the party producing the ESI bears the cost”[6] of data recovery as we will soon see in the seminal case of Zubulake v. UBS.

FRCP DRIVES THE NEED FOR E-POLICY

In brief, e-Policy is a set of policies and procedures adopted by public or private organizations that governs the lifecycle management of electronically stored information (ESI). ESI is a term coined in the FRCP amendments of 2006 to describe any data that is created, manipulated, transmitted, stored or destroyed via any electronic means, inclusive of current technologies as well as future technologies.

The FRCP amendments of 2006 affirmed that for federal litigation, “all electronically stored information is subject to discovery”[7], meaning that ESI can be subpoenaed and entered into evidence. Since evidence can either help or hinder one’s legal case, it seems reasonable that local governments take steps to protect themselves; developing e-Policy is one such proactive step.

The genesis of the FRCP amendments of 2006 for e-Discovery “stems from a series of prior decisions in Zubulake v. UBS Warburg”[8] issued between 2003 and 2005. The plaintiff, Laura Zubulake, sued “her former employer, under federal, state and city law for gender discrimination and illegal retaliation”, claiming that “key evidence was located in various e-mails exchanged among employees that now existed only on backup tapes and perhaps other archived media”.[9]

This case established an analytical process to address the issue of cost-shifting for discovery to determine which party should pay costs associated with recovering ESI.9 As we saw earlier, the court used an eight factor test in Rowe Entertainment v. William Morris to determine cost-shifting.5 In Zubulake v. UBS, the court created seven new factors in its determination of which party should pay costs associated with e-Discovery, including the specificity and relevancy of the request and availability of the data elsewhere as in Rowe as well as the total cost of recovery compared to “the amount in controversy”, each party’s ability to pay, the importance of the issues being litigated, and the benefits of the ESI to each party.9 In Rowe, the court found the request for ESI to not be specific enough, therefore justifying cost-shifting to the requestor of the ESI instead of the producer.5 In Zubulake, however, the court found that “Zubulake is entitled to discovery of the requested e-mails so long as they are relevant to her claims, which they clearly are.”9

The employer, UBS Warburg, estimated the cost of ESI recovery to be $175,000 and was subsequently “ordered to produce all responsive e-mails… at its own expense” as well as “e-mails from any five backups tapes selected by” Zubulake.9 Interestingly, in 2005, UBS Warburg was subjected to a $29.3M jury verdict for deleting e-Mail and losing backup tapes in the litigation with Zubulake.[10]

For added protection for parties involved in federal litigation, FRCP offers a safe harbor clause in Rule 37 under the heading of “(e) FAILURE TO PROVIDE ELECTRONICALLY STORED INFORMATION” wherein “Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system”.[11] To take advantage of this safe harbor clause, the implication is clear: some combination of policy, technology, and employee education is needed to demonstrate a “good faith” effort on the part of local governments to manage their electronic information systems.[12]

While the safe harbor clause protects local governments that have put forth a good faith effort, the safe harbor clause does not offer protection in the case of spoliation, which is the accidental or intentional deletion of data that has been or will likely be identified as evidence in a legal case. “Courts and regulators” take a dim view of spoliation, which could subject localities to hefty fines.[13] As we will see, an effective e-Policy program can protect organizations from claims of spoliation.

WHAT SHOULD E-POLICY ADDRESS?

Like any policy, e-Policy should establish rules to govern the behavior of employees, define important terms, enumerate penalties for non-compliance, and describe methods for enforcement of directives in the policy. Specifically, e-Policy should “establish comprehensive, written rules and policies that address employee use of e-mail, the Internet, and all other electronic business communication tools – old, new, and emerging” as well as define terms like “business record” and associated record retention and disposition policies.[14] Additionally, e-Policy “should address how often back up tapes are routinely purged, and contain guidance on when such automatic processes should be put on hold with respect to data when litigation can be reasonably anticipated”.[15]

Putting data and processes on hold when litigation is imminent requires a litigation-hold policy, which defines actions that must be taken to protect ESI that may become evidence when a federal legal case arises or is anticipated. Most importantly, a litigation-hold policy that is enforced in a consistent manner is “one of the most effective ways to avoid a spoliation claim”.13

An effective e-Policy program must consider legal issues associated with the management of ESI. As such, “experienced legal counsel” should play a lead role in an organization’s e-Policy program.14 Additionally, relegating e-Policy to a collection of non-binding guidelines and best practices may not offer adequate legal protection in federal court cases.[16] Therefore, resulting policies should be made official by following whatever organizational guidelines are in place.

While the formation of e-Policy is essential to protecting local governments during federal litigation, ongoing education of employees is also key to an effective e-Policy program. Merely documenting elements of an e-Policy without educating employees as to their responsibilities for the creation, storage, and disposition of electronic records may not be enough to satisfy the courts. Local government employees who act outside of policy due to their own ignorance or the lack of enforcement of policy can cause legal problems for their organizations, as we will see shortly. Therefore, localities should demonstrate a commitment to their e-Policy programs by providing ongoing education just as they do for personnel-related issues like workplace diversity and sexual harassment.

In The e-Policy Handbook, Nancy Flynn offers additional considerations for an effective e-Policy program, including e-Policy rules, a list of “Dos and Don’ts”, and sample e-Policies.[17]

WHAT CAN HAPPEN TO ESI THAT MAKES E-POLICY IMPORTANT?

The lifecycle of ESI marks the states of data from the time it was created, copied, or generated through the time of its use to some terminal state like archive or destruction. Within the lifecycle of ESI, data has a certain lifespan; that is, the length of time that data must be retained. The lifespan varies along a continuum, starting with data that can be destroyed upon its creation and ending with data that must be retained forever. The lifespan of ESI is typically defined by a data or document retention policy as mandated by law or dictated by organizational policy.

Acknowledging the lifecycle of ESI levies certain responsibilities upon local governments to ensure that data is first identified as ESI and then managed as required by internal policy and law for its required lifespan. Specifically, the lifecycle of ESI implies that data than can be destroyed will be destroyed on schedule and that data that must be archived will be archived. Not following retention policy for ESI can result in non-current ESI, which can be as destructive to one’s court case as not being able to produce ESI that courts would reasonably expect an organization to produce.

Employees can easily short-circuit or artificially extend the lifespan of ESI. For example, employees may keep local copies of ESI on computers, smart hand-held devices, or memory sticks at work or at home. Employees may also attach business records to e-Mail and send them out a number of recipients inside and outside the organization. Once ESI is distributed externally, it may be subject to a different e-Policy or lack thereof. Employees may post ESI to the web outside the control of an organization, possibly extending the life of ESI indefinitely. Employees may also prematurely destroy ESI for personal or professional reasons that are not sanctioned by their organization.

Consider the case of the Zurich American Insurance Company as an illustration of what can happen when employees both archive ESI and prematurely destroy ESI, independent of e-Policy. In 2007, Zurich American and two associated law firms were fined $1.25M for a prior bad act on the part of Zurich American.[18] To avoid insurance pay-outs to several lessees of the Twin Towers after the 911 tragedy, Zurich American deleted a policy with endorsements that showed the lessees in question were covered.18 Zurich American then created a new version of the policy less the endorsements to complete the ruse.18 In 2003, a copy of the original policy surfaced, having been stored on an employee’s computer. The judge in the case was quoted as saying that “Zurich eliminated the electronic version of the policy as it existed on Sept. 11, 2001, but fortunately, the policy persisted in paper form in Mary Merkel's files”.18

While Zurich American is clearly a case of fraud on the part of the insurance provider, this case indicates what can happen when there are no controls, workflow, or monitoring associated with the creation and destruction of important business documents, all of which are a necessary part of any e-Policy program. For example, things may have turned out differently for Zurich American had they enforced e-Policy to disallow employees like Mary Merkel from self-archiving business data. Additionally, if Zurich American had enforced e-Policy with tracking and monitoring technology, perhaps they would have never attempted to perpetrate fraud in the first place.

E-POLICY: READY OR NOT

If any of the following issues apply, a locality may be unprepared to fully respond to discovery requests for ESI:

· e-Policy is non-existent.

· e-Policy lacks a litigation-hold policy.

· e-Policy has not been formalized as official organizational policy.

· e-Policy has not been uniformly enforced.

· Procedures and technology do not support the enforcement of e-Policy.

· Employees are not aware of e-Policy and the requirements for compliance.

So, what can happen to a locality that is the target of federal litigation and finds itself unprepared and lacking an effective e-Policy program?

Consider the recent case of Swofford v. Eslinger. In this case, a sheriff, two deputies and their in-house counsel were found personally liable for court fees and costs due to spoliation that stemmed from their claim of ignorance “with the Rules of Civil Procedure governing a litigant’s discovery obligations”.[19] Specifically, “Robert Swofford , a recent multi-million dollar Florida state lottery winner, was shot in his backyard seven times by two sheriff’s deputies in pursuit of burglary suspects”.19

Swofford sued the local sheriff and two deputies “for the use of excessive force and unlawful entry onto the owner's property, in violation of Mr. Swofford's Fourth Amendment rights”.[20] Swofford’s attorney sent letters to the sheriff “requesting that the sheriff’s office preserve all evidence within its possession related to the shooting”, but the sheriff’s in-house counsel ‘did not issue any directives or “litigation hold” memos to suspend all orders, practices, or policies that could lead to the destruction of evidence relevant to the case’.19 As a result, “information was deleted or destroyed in light of the preservation demand letters” and to make matters worse, “the deputies [in question] dismembered their guns, recycled their radios, and destroyed their uniforms”.19 The court decided that “therefore, the award of fees and costs will be imposed jointly and severally against each of the three Defendants and Mr. Lane [in-house counsel], each in his official capacity”.20

Obviously, in-house counsel for Eslinger should have issued a litigation-hold upon notification from Swofford’s attorney to preserve ESI that might be subject to discovery in court. However, it is not clear that had counsel issued a litigation-hold order, the sheriff’s office would have been able to “suspend all orders, practices, or policies that could lead to the destruction of evidence relevant to the case”20 since there was no indication that the sheriff’s office had an e-Policy program in place.

Another example of consequences for a local government that is unprepared to respond to discovery of ESI is the case of Toussie v. County of Suffolk, New York. The County of Suffolk was sued by plaintiffs who asserted “that their civil rights were violated when they were denied the opportunity to purchase certain parcels of real estate at a county auction”.[21] The county was not forthcoming in complying with court-ordered discovery of ESI; specifically, e-Mail. Initially, the county “argued that its employees did not routinely communicate through e-mail” – a claim that was summarily rejected by the court.[22] Next, “the county [unsuccessfully] argued that it lacked the resources to perform the court-ordered search because it did not have an e-mail archival system”.22

In reaction to the county’s stonewalling, the court forced the county to hire a contractor to recover ESI “at a significant cost to the county”.22 Subsequently, the ESI in question was not recoverable because the county had failed to issue a litigation-hold. In response, the court forced the county to pay the plaintiff’s costs associated with preparing for and appearing in court.22

In this case, it appears that Suffolk County did not have sufficient staff to perform the work ordered by the court per the County’s own admission. Instead of accepting this excuse, the court forced the county to hire staff. This is a case of ‘“Lack of Resources” due to budgetary constraints or the lack of political will to expend available resources’ as mentioned previously.3

IN CLOSING: A CALL TO ACTION

Since 2006, “the presumption under FRCP” has been to place responsibility on the producers of ESI to pay data recovery costs associated with e-Discovery.6 As we have seen, costs associated with e-Discovery can reach millions of dollars. Furthermore, being unprepared, adopting an “ignorance is bliss” attitude, or not providing necessary funding to preserve or recover ESI does not provide a safe legal haven.

While localities are under fiscal stress to cut budgets in order to cope with the “new economy”, they must consider the costs of not adopting an effective e-Policy program. If political will is lacking to adopt e-Policy, the safe harbor rule of FRCP may offer enough incentive to motivate decision makers. If costs are preventing the adoption of e-Policy, one need only consider the legal and financial ramifications of not embracing an effective e-Policy program as explored previously in this paper.

Clearly, local policy makers must be made aware of the need for e-Policy and issues related to FRCP and e-Discovery as well as associated costs. To that end, local governments might seek champion-leaders from the ranks of their Legal, Finance, Internal Audit, and Information Technology departments. Champion-leaders should be well-connected to governmental operations and understand the scope of effort needed to bring an enterprise under a set of unified policies governing the management of ESI. Without someone to champion the cause of e-Policy, a wake-up call for local government could come too late in the form of federal litigation and court-ordered e-Discovery.

Bibliography

Altheim M. (2011, March 6). Privacy, European Union Data Protection and EDiscovery: EDiscovery in the US. EDiscoveryMap. Retrieved March 11, 2011 from http://ediscoverymap.com/

BusinessInsurance.com. Zurich, Attorneys Sanctioned in 9/11 Coverage Case, Retrieved March 11, 2011 from http://www.businessinsurance.com/article/20070701/ISSUE0101/100022273

Counsel.CUA.Edu. Summary of Federal Laws: Federal Rules of Civil Procedure Related to Discovery and Electronically Stored Information. Retrieved March 1, 2011 from http://counsel.cua.edu/fedlaw/FRCP.cfm

FederalRulesOfCivilProcedure.Info. Federal Rules of Civil Procedure. Retrieved February 28, 2011 from http://www.federalrulesofcivilprocedure.info/frcp/

Flynn, N. (2009). The e-Policy Handbook, NY: AMACOM.

InBoxer.com. The Federal Rules of Civil Procedure (FRCP eDiscovery). Retrieved March 11, 2011 from http://www.inboxer.com/whitepaper/federal-rules-civil-procedure

McNeill, E. (2010, June 7). Important Evolution in eDiscovery Case Law. Risk Manager. Retrieved March 11, 2011 from http://sandsandersonriskmanager.com/2010/06/07/ediscovery-evolution/

Millonzi, K. A. (2009). Electronic Discovery in North Carolina-A Guide for Public Sector Entities to the Rules and Tools for Litigating in the Digital Age. Retrieved March 11, 2011 from http://www.sog.unc.edu/pubs/electronicversions/pdfs/ediscovery09.pdf

Millonzi, K. (2009, December 17). Local Governments and their “In House” Counsel Not Immune from E-Discovery Sanctions. Coate’s Canons: NC Local Government Law Blog. Retrieved March 11, 2011 from http://sogweb.sog.unc.edu/blogs/localgovt/?p=1523

Murphy Oil USA, Inc. v. Fluor Daniel, Inc., U.S. Dist LEXIS 3196 (E.D. La.) (2002). Retrieved March 9, 2011 from http://www.lexisnexis.com.proxy.lib.odu.edu/hottopics/lnacademic/

Rowe Entertainment, Inc. v. William Morris Agency, Inc., U.S. Dist LEXIS 488; 51 Fed. R. Serv. 3d (Callaghan) 1106 (2002). Retrieved March 15, 2011 from http://www.lexisnexis.com.proxy.lib.odu.edu/lnacui2api/results/docview/docview.do?docLinkInd=true&risb=21_T11485195426&format=GNBFI&sort=BOOLEAN&startDocNo=1&resultsUrlKey=29_T11485195431&cisb=22_T11485195430&treeMax=true&treeWidth=0&csi=6323&docNo=8

Swofford v. Eslinger, U.S. Dist. LEXIS 111064 (M.D. Fla., Sept. 28, 2009). Retrieved March 11, 2011 from http://www.lexisnexis.com.proxy.lib.odu.edu/lnacui2api/mungo/lexseestat.do?bct=A&risb=21_T11456787360&homeCsi=6323&A=0.9678833208671207&urlEnc=ISO-8859-1&&citeString=2009%20U.S.%20Dist.%20LEXIS%20111064&countryCode=USA

Toussie v. County of Suffolk, U.S. Dist. LEXIS 93988 (E.D.N.Y. Dec. 21, 2007). Retrieved from http://www.lexisnexis.com.proxy.lib.odu.edu/lnacui2api/results/docview/docview.do?docLinkInd=true&risb=21_T11456906926&format=GNBFI&sort=BOOLEAN&startDocNo=1&resultsUrlKey=29_T11456906931&cisb=22_T11456906930&treeMax=true&treeWidth=0&csi=6323&docNo=1

USCourts.Gov. Federal Rules of Civil Procedure, Retrieved March 1, 2011from http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/2010%20Rules/Criminal%20Procedure.pdf

Zubulake v. UBS Warburg LLC, Zubulake v. UBS Warburg LLC, 217 F.R.D. 309, 2003 U.S. Dist. LEXIS 7939 (S.D.N.Y., May 13, 2003). Retrieved March 11, 2011 from http://www.lexisnexis.com.proxy.lib.odu.edu/lnacui2api/results/docview/docview.do?docLinkInd=true&risb=21_T11455910828&format=GNBFI&sort=BOOLEAN&startDocNo=1&resultsUrlKey=29_T11455910831&cisb=22_T11455910830&treeMax=true&treeWidth=0&csi=6323&docNo=7

Appendix

Terms and Definitions

Business Record: Any “document (electronic or paper) that provides evidence of business-related activities, events, transactions, negotiations, purchases, sales, hiring, firing, and so on”. [23]

FRCP: “Federal Regulations for Civil Procedure govern the conduct of all civil actions brought in Federal District Courts”. 1 Authorization for the U.S. Supreme Court to set rules for the FRCP is found in Title 28 of the U.S. Code.

ESI: Electronically Stored Information is not limited to business records and includes any data that is posted, downloaded, transmitted, uploaded, stored, backed up, or acquired by instant messaging (IM) chat, texting, e-Mail, voice, blog, social network, scanning, picture or video messaging, or any other current or future electronic means.[24] Current electronic means includes cell phones, smart phones, scanners, digital copiers, IPODs, IPADs, computers, cloud-based systems, databases, financial systems, memory cards, and so on.

e-Discovery: The legal discovery by electronic means of ESI as defined by the amendments of 2006 to the FRCP, for use as evidence in a federal court case.

e-Policy: A set of official policies governing the handling of ESI from creation through disposition. e-Policy must be combined with “employee education “and “supported with discipline and technology tools… to effectively minimize electronic risks and maximize compliance” with internal business practices as well as FRCP requirements.12

---

[1] FederalRulesOfCivilProcedure.Info, 2011

[2] InBoxer.com, 2011

[3] Millonzi, K.A., 2011, p. 29-30

[4] Murphy Oil USA, Inc. v. Fluor Daniel, Inc.

[5] Rowe Entertainment, Inc. v. William Morris Agency, Inc.

[6] Altheim, 2011

[7] Flynn, 2009, P. 5-6

[8] McNeill, 2011

[9] Zubulake v. UBS Warburg LLC

[10] Flynn, 2009, p. 24

[11] USCourts.Gov, 2011, p. 59

[12] Flynn, 2009, p. 233

[13] Flynn, 2009, p. 22

[14] Flynn, 2009, p. 240

[15] Counsel.CUA.Edu, 2011

[16] Flynn, 2009 (implied)

[17] Flynn, 2009, p. 233-283

[18] BusinessInsurance.com, 2011

[19] Millonzi, K., 2011

[20] Swofford v. Eslinger

[21] Toussie v. County of Suffolk

[22] Millonzi, K.A., 2011, p. 29

[23] Flynn, 2009, p. 15

[24] Flynn, 2009, p. 15-16