It has been reported that much of Hillary Clinton’s email during her tenure as U.S. Secretary of State is gone. While it is unclear if she broke any laws, the missing email is certainly controversial. It may also sound familiar.
Like the U.S. State Department, your business is unlikely to preserve every email sent or received or every document created. At some point, someone may come looking for email or other documents that your business once had but no longer possesses. While the U.S. Select Committee on Benghazi is probably not interested in your business, you may be served with a civil or criminal subpoena, receive an investigative request from a government agency or be given a document request during litigation.
Whether it's your car keys, a receipt for a broken watch or important corporate emails, it is always unsettling when you can't find something you know you once possessed. The consequences for not having maintained email or documents are wide-ranging— from absolutely none to criminal.
On one end of the spectrum, if your business was never obligated to preserve email, its absence may save you resources and minimize your risks since you can't produce what you don't have and were not required to preserve. On the other end of the spectrum, if your business had an obligation to preserve email but didn't, its absence could possibly even have criminal implications.
In the case of the U.S. State Department email controversy, while there may be no basis for criminal charges, the reputational harm caused by the deletion of the missing emails may have only just begun.
Here are five tips for managing your risk when your business is asked for lost or destroyed email or documents:
1. Determine your legal, business and practical obligations.
Evaluate your business’ legal and contractual obligations to preserve documents and email. For example, if you are a healthcare provider, patient medical records are usually required to be maintained for a period of years. Likewise, if you are an auto dealer, NHTSA requires you maintain certain records and your contract with the OEM likely includes specific requirements.
Irrespective of your industry, if you are involved in a lawsuit, you are required to preserve all documents that may be relevant to the pending litigation. Even if your business doesn't have an obligation to preserve the requested documents or email, consider if it would have made good sense to have kept the information anyway.
2. Confirm the email or document is really gone.
Once you're confident that the requested email or documents are not where they once were, or where they were supposed to be, or have been destroyed or deleted, check again. Ensure that the emails or documents are not on a back-up tape, an inactive server in the data center, an employee’s smart phone, an errant USB drive on your CFO’s desk, in cloud-storage or on the laptop hard-drive of a recently departed employee— to name just a few possible places to check.
Apart from any electronic destinations, you also should confirm that the email or documents were not printed and stored. In sum, it is prudent to conduct a thorough search to locate additional copies of the lost email or documents.
3. Mitigate the consequences of the missing email or documents.
If it's clear that your business was not required to preserve the lost email or documents, promptly advise the requesting party that you will not be providing responsive information. If you have nothing to hide by the non-existence of the requested documents or email, being forthcoming may help you avoid being accused of wrongdoing.
If it's possible that your business was required to preserve the requested email or documents, revisit your obligations, evaluate the consequences and carefully devise a strategy to minimize your exposure. For example, if you are an accountant, the Sarbanes-Oxley Act imposes the risk of criminal sanctions for the willful destruction of work papers earlier than seven years. Likewise, for financial institutions, the Bank Secrecy Act imposes stiff monetary fines for willful violation of record keeping requirements that can be imposed on both the institution and individual responsible employees.
For all businesses, if missing documents were requested in the course of litigation, a litigant may suffer spoliation sanctions if the documents destroyed were required to be preserved, relevant to the lawsuit and destroyed with a “culpable” state of mind.
Courts determine the appropriate sanctions on a case-by-case basis, and they include the imposition of monetary fines, the dismissal of a case or a jury instruction that the jury may infer a fact based on lost or destroyed evidence. Even in a lawsuit mistakes can be made - acting in good faith, being forthcoming and working cooperatively with the opposing side can go a long way to mitigate adverse consequences.
4. Understand the circumstances in which the email or documents became missing.
In the best of circumstances, the email or documents will have been destroyed as part of your business’ routine document purge and in accordance with a robust information management compliance program. If that isn't the case, figure out exactly how the email or documents went missing.
5. Consider hiring a computer forensics professional.
If the missing documents or email consist of electronically-stored information, consider hiring a forensic computer professional at the earliest possible instance. A sophisticated and skilled forensic specialist may be able to find lost, missing or deleted electronic data on your own computers.
A demand may be made of your business to produce documents or email it no longer has. A request for information that you cannot provide is likely to cause anxiety and concern, and may pose significant risk to you and your business. Following these five tips will help you manage your risk when you evaluate your options and respond to the inquiry.
Click here to check out my previous post regarding lessons learned from Hillary's Email-Gate for avoiding email and e-discovery liability.
Add a comment
- Commercial Liability
- Civil Litigation
- Business Risk Management
- Litigation Discovery
- Alternative Dispute Resolution (ADR)
- Business Torts
- Corporate Formation
- Commercial Real Estate
- Commercial Leasing
- Real Estate
- Real Estate Mortgages
- Commercial Loans
- Regulatory Law
- Mortgage Foreclosure
- Shareholder Liability
- Risk Management
- Fraud Activity
- Damages Recovery
- Tax Law
- Cyber Attack
- Class Action
- Product Liability
- Biometric Data
- Banking Law
- Statute of Limitations
- Noncompete Agreements
- Internet Law
- Consumer Protection
- Residential Liability
- Zoning and Planning
- Department of Education (DOE)
- Fair Debt Collection Practices Act
- Fair Credit Reporting Act
- Unfair Competition
- Uniform Commercial Code (UCC)
- What New Lawyers Bring to the Practice of Law
- What Rights do Limited Liability Company Minority Members Really Have?
- Arbitration or the Courtroom, Who Decides?
- Wait, I Have to Pay my Own Attorney? But I Won the Case?
- Preliminary Injunctions in Michigan, the More They Change the More They Stay the Same
- President Biden Signs Cryptocurrency Executive Order Establishing Whole-of-Government Approach to Regulating Digital Assets Industry
- My 5 Lessons Learned from the COVID-19 Pandemic
- Am I at Fault for Breach of Contract if the Other Party Breached It First?
- Maximizing Damages Recovery in Michigan's District Courts Challenged by Jurisdiction Limits
- Proliferation of Security Cameras, Drones Doesn't Necessarily Reduce Reasonable Expectation of Privacy Under the Law