Reading time: 2 minutes 30 seconds
It’s almost Halloween, that time of year when many of us enjoy a good scare. However, one kind of fright no company wants to wake up to is the dark, dreaded monster of noncompliance. We often discuss household names when they face sanctions after information governance nightmares. Think the 2016 hack of Sony Pictures, the 2018 Facebook/Cambridge Analytic scandal, and the 2017 data breach at Equifax. However, it can and does happen even when we don’t hear about it. Let’s take a look at some recent thrillers in the realm of information governance.
Tales from an Email Inbox
In the 2017 ruling of GN Netcom, Inc. v. Plantronics, Inc., an executive at Plantronics deleted nearly half of his emails even though the company had issued a legal hold on all documentation pending litigation. He also instructed other employees to delete emails relevant to the lawsuit. The court found that Plantronics itself didn’t take reasonable steps to recover the emails. The result was a horrific $3 million sanction.
The Lost Data Server
In another 2017 ruling, Welfare Plan Bd. of Trustees et al. v. Connecticut General Life. Ins. Co et al., the defendant’s electronic records were transferred to a third party when their sister company (which owned the defendant’s data server) was sold. Though the sales contract required the third party to maintain the data, it simply didn’t happen. They deleted the electronic records the defendant had a duty to maintain. The defendant was ordered to pay all expert witness fees, attorney fees, and other plaintiff’s costs, in addition to imposed sanctions. Talk about chilling.
The Vanishing (Paper Records)
In a 2016 ruling in the case of O’Berry v. Turner, after a traffic accident, the plaintiff requested the defendant preserve driver logs. The defendant did so by printing a copy of the electronic records. Unfortunately, after a seemingly innocent office move, the paper records disappeared. For the defendant’s part, they had a couple of problems working against them. First, they should have consulted with an expert in records retention. If they had, they would have known the amount of time they were required to retain the records, as well as the best way to go about it. Eerily enough, the paper records were never seen again, and the defendant was hit with heavy sanctions.
In another 2016 ruling in the case of First Financial Security, Inc. v Freedom Equity Group, LLC, the plaintiff was ordered to produce text message relevant to the case at hand, but they, unfortunately, couldn’t comply. An employee involved in the case claimed his son deleted the messages to free up space on his phone. Rather than producing “native copies” of the text messages as ordered, they produced a spreadsheet, which did not suffice. The haunting result was 1.2 million dollars in damages awarded to the plaintiff.
As electronic records become more prevalent, it’s important to think about the frightening consequences of not complying with the laws and regulations that apply to your business. It’s crucial you have someone on your side that can guide your record retention schedule policy so you can best balance your business needs with your legal obligations. You don’t want to end up in a terrifying information governance horror of your creation.
Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.