Technology Law and Defensible Deletion: When Is It OK to Hit Delete?

Technology Law and Defensible Deletion: When Is It OK to Hit Delete?

Author: Eric Everson, MBA, MSIT-SE, JD Candidate May 2013

In today’s Big Data environment, most data center managers would tell you that you have to delete data in order to maintain scalability in volume management.  In contrast to this, eDiscovery advisors around the country are warning you about huge penalties that deleting data may subject you to.  So what’s the correct path? When is it okay to hit Delete?

From the onset, the truth is, there is no single answer here as every situation requires at minimum a Defensible Deletion Analysis (DDA).  A Defensible Deletion Analysis (a.k.a. DDA) is a comprehensive assessment of target data and associated metadata in comparison to the corresponding hold requirements and litigation risks.  A DDA will at minimum identify the spectrum of risk associated with deleting certain data.  When I perform a DDA, the first few questions I identify are:

·         What kind of data is it? (Personal info, financial, health-related, archived emails, essential/ non-essential)

·         What are the storage standards of this data type? (How long are you required to keep it and on what authority?)

·         What are the risks? (Identify the risks and degree to which each may exist)

·         What is the recommendation?  (Is this the type of data that can be defensibly deleted?)

Generally, what I am seeing is that businesses rarely have blanket deletion policies in place, but in so many instances there are certain data types that get deleted more regularly than others.  Archived email is a good example of data that often gets deleted, but as a result can carry profound legal consequences.  It is important to have a data preservation policy in place that not only identifies the data type, but also one that assigns a priority scheme to the data.  In such a scheme an email from a C-level employee would be assigned higher priority than perhaps an email from a non-customer facing subordinate employee.

The bottom line here is that it is okay to delete data, but at minimum conduct a DDA every time as part of your defensible deletion strategy.  In today’s preservation sensitive legal system, deleting data has become a very risky business, so be sure to take the appropriate steps before you delete anything.  As the case law demonstrates, this is just as important for start-up businesses as it is for well established industry titans.  We have but just entered the threshold of the Big Data environment and in this kingdom Delete is a 6-letter word with serious consequences.

#eDiscovery

Are you on Twitter?  Follow me @IntleDiscovery

---------------------------------------------------------------------------------

About the Author:  Eric Everson is a 3L law student at Florida A&M University – College of Law where he will graduate in May 2013.  Prior to law school he earned an MBA and Masters in Software Engineering while working within the U.S. telecommunications industry.  The views and opinions presented in this blog are his own and are not to be construed as legal advice.  Eric Everson currently serves on the Board of Governors for The Florida Bar Young Lawyers Division Law Student Division and is the President of the Electronic Discovery Law Student Association at Florida A&M University – College of Law.  Follow @IntleDiscovery        

Tags:  ESI, Defensible Deletion, eDiscovery, Delete, Preservation, Big Data, Data Risk, Data, Defensible Deletion Analysis, Archived email, data types, technology law, Preservation Policy, data center, data center management