Technology Law and Defensible
Deletion: When Is It OK to Hit Delete?
Author: Eric Everson, MBA, MSIT-SE, JD Candidate May 2013
In today’s Big Data environment, most data center managers
would tell you that you have to delete data in order to maintain scalability in
volume management. In contrast to this,
eDiscovery advisors around the country are warning you about huge penalties
that deleting data may subject you to.
So what’s the correct path? When is it okay to hit Delete?
From the onset, the truth is, there is no single answer here
as every situation requires at minimum a Defensible Deletion Analysis
(DDA). A Defensible Deletion Analysis (a.k.a.
DDA) is a comprehensive assessment of target data and associated metadata in
comparison to the corresponding hold requirements and litigation risks. A DDA will at minimum identify the spectrum
of risk associated with deleting certain data.
When I perform a DDA, the first few questions I identify are:
·
What kind
of data is it? (Personal info, financial, health-related, archived emails, essential/
non-essential)
·
What are
the storage standards of this data type? (How long are you required to keep
it and on what authority?)
·
What are
the risks? (Identify the risks and degree to which each may exist)
·
What is
the recommendation? (Is this the
type of data that can be defensibly deleted?)
Generally, what I am seeing is that businesses rarely have
blanket deletion policies in place, but in so many instances there are certain
data types that get deleted more regularly than others. Archived email is a good example of data that
often gets deleted, but as a result can carry profound legal consequences. It is important to have a data preservation
policy in place that not only identifies the data type, but also one that
assigns a priority scheme to the data.
In such a scheme an email from a C-level employee would be assigned
higher priority than perhaps an email from a non-customer facing subordinate
employee.
The bottom line here is that it is okay to delete data, but
at minimum conduct a DDA every time as part of your defensible deletion
strategy. In today’s preservation
sensitive legal system, deleting data has become a very risky business, so be
sure to take the appropriate steps before you delete anything. As the case law demonstrates, this is just as
important for start-up businesses as it is for well established industry
titans. We have but just entered the threshold
of the Big Data environment and in this kingdom Delete is a 6-letter word with
serious consequences.
#eDiscovery
Are you on Twitter?
Follow me @IntleDiscovery
---------------------------------------------------------------------------------
About the Author: Eric
Everson is a 3L law student at Florida A&M University – College of Law
where he will graduate in May 2013.
Prior to law school he earned an MBA and Masters in Software Engineering
while working within the U.S. telecommunications industry. The
views and opinions presented in this blog are his own and are not to be
construed as legal advice. Eric
Everson currently serves on the Board of Governors for The Florida Bar Young
Lawyers Division Law Student Division and is the President of the Electronic
Discovery Law Student Association at Florida A&M University – College of
Law. Follow @IntleDiscovery
Tags: ESI, Defensible Deletion, eDiscovery,
Delete, Preservation, Big Data, Data Risk, Data, Defensible Deletion Analysis, Archived
email, data types, technology law, Preservation Policy, data center, data
center management
