New Email Rules Effective Friday 193
An anonymous reader writes "As of today [Friday], certain U.S. companies will need to keep track of all the e-mails, instant messages and other electronic documents generated by their employees, in accordance with new federal rules. In April the Supreme Court began requiring companies and other entities involved in federal litigation to produce 'electronically stored information' as part of the discovery process of a trial." From the article: "Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of 'virtual shredding,' said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation. 'There are hundreds of "e-discovery vendors" and these businesses raked in approximately $1.6 billion in 2006, [James Wright, director of electronic discovery at Halliburton Co.] said. .'"
What's next? (Score:5, Informative)
In order to save money, my company hosts our website and e-mail on a shared server. E-mails are downloaded via POP3 and immediately deleted from the server (each account can only hold 20MB online at one time). Most people then delete their e-mails after reading, so we have absolutely no way to retrieve this data.
This doesn't seem to impact my company, but at some point I fear regulators will start requiring more stringent data retention processes (among other IT tech processes). SOX has already hurt large companies, hopefully they don't start pushing some its fundamentals down to the little (non-public) folks.
Misleading (Score:5, Informative)
This is a bit misleading. Its only "virtual shredding" if you don't keep the records around for a reasonable period (either by statutory requirements or insutry standards) or if you have notice of litigation in which the evidence is relevant, and you continue to shred.
Thats why there is a document retention policy safe harbor in the rules themselves.
FWIW, lawyers, even the "technology experts" don't seem to understand technology as well as someone who came through IT before becoming a lawyer.
(disclaimer: IT guy-turned-lawyer, so I always think I know more than "pure lawyers" when it comes to tech).
The amendments (Score:5, Informative)
Re:Nice; tell you about new rules, just not the ru (Score:3, Informative)
Re:Nice; tell you about new rules, just not the ru (Score:3, Informative)
This only applies to compaies [myway.com] under federal litigation, but I'm sure it'll get a lot more pageclicks if you make it sound terrifying and scream things like WE'RE ALL GONNA DIE!
Truth time, kiddies! You absolutely must hold on to email and IM data... IF it is part of a subpoena or a discvoery process, and so on. But there's nothing requiring companies to hold on to such data for any specified period of time.
Re:What's next? (Score:4, Informative)
Links to the rules (Score:4, Informative)
The pertinent rules appear to be the Federal Rules of Civil Procedure, specifically Rule 16 dealing with pretrial scheduling and Rule 26(f) relating to discovery and disclosure.
Cornell University has these rules online. They might be outdated already.
Rule 16 [cornell.edu]
Rule 26 [cornell.edu]
Wikipedia also has a writeup on the Federal Rules of Civil Procedure [wikipedia.org].
Do a search for rules on electronic discovery [google.com] for more commentary.
Re:Massive Pretty Good Privacy (Score:4, Informative)
http://www.squirrelmail.org/plugin_view.php?id=15
This is plain old FUD... heavy on the 'F' (Score:2, Informative)
This is not legislation.. it is part of the court rules. In a lawsuit, you have to provide all relevant documents to the other side. In the past, there had to be a *lot* of court time wasted on deciding what was subject to disclosure (i.e. a man does work for the company from home... is his home computer subject to examination? Answer: yes). This rule change simply makes standard what most all the court rulings concluded was subject to disclosure anyway.... all it does is save wasted court time in disputes by making the rules clear.
If a company has a "document retention policy" that sais all e-mails will be deleted in 30 days, all backup tapes will be overwritten or erased in 30 days, etc., then they can continue doing that. No one has to retain anything under these rules. These rules say that anything that *is* retained, has to be turned over in a lawsuit. After a lawsuit is started (technically when a company becomes aware of a claim even before suit is filed) the company has to not delete anything they know is relevant.... but continuing to follow the published document retention policy for everything else is fine. This has been so for many, many years. Nothing is changing is this regard.
Companies that do bad things will have evidence of doing bad things.... they will want to delete things. Companies that don't do bad things will have evidence of their proper behavior, and they will not want to delete things. I was once involved in a case where a man was blinded by some chemicals. He claimed there was no warning sign. I found the e-mail in a user's mail archive confirming installation of the warning sign, dated 6 months before his injury. If that company had been deleting all e-mails 30 days old in archives (they deleted 30-day old mail, but it did not reach local archives on the users' HD), they would have lost this exculpatory evidence. As a result, they changed policy to have uses include the word "SAFETY" in the subject line of all e-mails related to safety, warning signs, safety related repairs and maintenance, etc., and e-mails with that in the subject line were excluded from the deleting policy in the future.
Re:What's next? (Score:5, Informative)
This is a no-brainer, right? If you're the kind of company that is subject to these retention rules, having a shared email server that immediately deletes DL'd messages, with no user policy
at the local level, either, is illegal. You'd have to immediately move your email in-house and implement appropriate policies, or find a 3rd-party that can handle it, or some mixture.
If you're not the kind of company that is subject to these rules, who the fuck cares?
If you don't already know that your company is subject to these rules, and it turns out you do need to follow them, fire your in-house counsel because they're incompetent.
Re:What's next? or who's next? (Score:1, Informative)
Do yourselves a favor and become a part of anoNet [anonet.org] now.
Re:Nice; tell you about new rules, just not the ru (Score:4, Informative)
Re:Legislated expense (Score:1, Informative)
What's hard? Pick one of the jabber/xmpp servers and be done with it. Wildfire Enterprise covers logging.
Re:Exempt from all this of course (Score:3, Informative)
The $61 trillion in unfunded liabilities we currently have for Medicare ALONE. Medicare which is set to go bankrupt in 2018, Social Security in 40 years. "Emergency war spending" so that we can "pretend" we get "closer" to balancing the budget. Printing out gobs of money destroying the value of our savings so they can pretend to pay for all this shit
Please, if you think they are somewhat honest in how they present any of the ways they pay for or fund anything you are kidding yourself.
http://releases.usnewswire.com/GetRelease.asp?id=
Re:Links to the rules (Score:3, Informative)
Re:What's next? (Score:3, Informative)
The summary mentions companies "involved in federal litigation." If you are not involved in federal litigation (you're not being charged with a crime or sued or under subpoena), then you can do anything you like. The moment you become involved in federal litigation, you cannot destroy any electronic data, as it is discoverable by the court.
The fact that this is a new official rule shouldn't frighten anyone - this has been the case all along. The official rule just clarifies the rules as they apply to electronic documentation. The rules were written for paper and voicemail at best, not email, IM, backup tapes, etc etc.
Net effect: no change. If your small company came under investigation last year, you would still be subject to the same spirit of the law regarding data retention as you would be if your company came under investigation today.
Re:What's next? (Score:2, Informative)