Reading through the many eDiscovery vendor whitepapers on the topic, one would think that instant message ("IM") retention and archiving should be the focus of every good eDiscovery preparedness initiative. In a thinly veiled effort to boost demand for their products, these vendors have made the blanket assertion that all companies must retain IM for discovery purposes as a result of the amendments to the Federal Rules of Civil Procedure (the "Amended Federal Rules"), which went into effect on December 1, 2006. According to these vendors, this is so because IM falls within the definition of electronically stored information ("ESI") as set forth in the Amended Federal Rules. While organizations must account for the Amended Federal Rules in their eDiscovery undertakings, the impact of IM on information management policies is debatable.
These vendors have been pushing organizations to save and archive IMs for later production in the eDiscovery setting, but the IM-as-ESI dialogue should occur long before and focus on two other critical areas: (i) does your organization need to retain IM; and (ii) if so, how can it authenticate IMs that may be used as evidence in a legal proceeding?
IM has been around for several years, and its popularity in the business environment is increasing. Gartner analyst David Smith predicts that by 2013 IM will be used by 95 percent of employees as their de facto communications tool for voice, video and text chatting.1 Gartner also states that IM use in business - currently hovering around 25 percent - will reach the 100 percent level as soon as 2010.2 That same year, Gartner predicts that the IM market will be more than $680 million, dispelling any lingering notions that IMs are just for teenagers.3
While the proliferation of IM usage may continue for business reasons (similar to that of E-mail usage in the mid-1990s), the risks associated with IM may be even greater. On this point, the ePolicy Institute asserts that more than 50 percent of IM users send or receive potentially risky and legally harmful information such as workplace gossip, jokes and confidential information via instant messaging.4
Putting aside the liability considerations associated with creating and then retaining harmful communications, before an organization decides to monitor and save its employees' IM, it should also consider whether its actions will violate any privacy laws. For example, the Federal Electronic Communications Privacy Act ("ECPA"),5 protects against unwarranted interception or retrieval of electronic communications. Title I of the ECPA, known as the Wiretap Act, makes it a criminal offense to "intentionally intercept[]any wire, oral or electronic communication."6 Because IM chats are conversations occurring in real time, similar to telephone calls, an employer's monitoring of IM conversations may also implicate the provisions of the Wiretap Act.
Where data access, rather than message interception, is the issue, Title II of the ECPA, the Stored Wire and Electronic Communications and Transactional Records Act (the "Stored Communications Act") applies.7
The volume of new information to manage, coupled with the potentially harmful content being transmitted via IM and the privacy risks, may send many IT and in-house counsel into a panic over the financial and legal risks associated with IM preservation and production. But before your organization decides to archive IM, there are a few important facts that it should examine.
While the Amended Federal Rules define ESI as a separate class of discoverable information, they do not explicitly define ESI. However, the committee notes clarifies Rule 34(a), governing the production of documents and ESI, noting that the rule "applies toinformation that is stored in a medium from which it can be retrieved and examined."8 Accordingly, a party must search and produce records from "reasonably accessible" sources, identifying to the requesting party a description of where potentially relevant evidence - including electronic records and repositories - exists.9
It is accepted that E-mails, Word documents, Excel spreadsheets and the like are included within the definition of ESI. What is not so clear is where and how IM fits into the ESI definition. According to some, it would seem obvious that IM is the same as E-mail. However, a thorough reading of the hearings that occurred prior to the enactment of the Amended Federal Rules and recent case law suggests that IMs are not per se to be considered ESI.10 Additionally, IM is not typically stored in a medium from which it can be retrieved and examined.
While the distinction between E-mails and IM seems minor at first, the different treatment makes sense when one considers the use of each tool. IM is more similar to live conversations. They happen in real time with the expectation that the recipient will be available at that moment to receive the message. E-mails, however, more closely mimic traditional letters in which the sender is unsure of when the recipient will get the message. Letters and E-mails are also more formal, lengthier and likely more thought out (at least in theory) than live chats and IM. The most crucial difference for eDiscovery purposes, however, is that E-mails and hand-written letters are expected to be saved for future retrieval and production, whereas live conversations and IM are thought to exist only in that moment and are not stored in an IT environment. Organizations must be aware of this practical difference and the early case law on the subject before deciding whether to archive and retain IMs.
Given the difficulties in managing E-mail, few in the in-house legal community should rush to begin archiving and retaining IMs. The first step in the analysis is to determine whether IMs are subject to the same retention and production requirements as other business records generated and/or stored by your organization. For some organizations, the Securities and Exchange Commission ("SEC") and the National Association of Securities Dealers ("NASD") have resolved that issue for you by promulgating rules that explicitly place a three-year retention requirement on IMs.11 Companies regulated by these bodies must therefore take active steps to record and retain IM conversations. For those organizations that do not fall within the jurisdiction of those regulatory bodies, cautious scrutiny should be given to the issue of IM retention and production. Moreover, legal considerations, and not technology capabilities, should drive the debate.
To Continue Reading: Click Here
-------------------------------------
Source: Metro Corporate Counsel
By: Timothy J. Carroll
Wednesday, August 01, 2007
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment