New Email Rules Effective Friday

An anonymous reader writes "As of today [Friday], certain U.S. companies will need to keep track of all the e-mails, instant messages and other electronic documents generated by their employees, in accordance with new federal rules. In April the Supreme Court began requiring companies and other entities involved in federal litigation to produce 'electronically stored information' as part of the discovery process of a trial." From the article: "Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of 'virtual shredding,' said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation. 'There are hundreds of "e-discovery vendors" and these businesses raked in approximately $1.6 billion in 2006, [James Wright, director of electronic discovery at Halliburton Co.] said. .'"

Re:Exempt from all this of course

[Spazntwich]

Our government fears transparency because we'd see the damage done to its lungs after years of surviving on tobacco taxes.

Re:Nice; tell you about new rules, just not the ru

[magarity]

Most impressive! Not only did you not read the article, you didn't even read the summary that clearly states this is for "companies and other entities involved in federal litigation."

Legislated expense

[jdray]

The company I work for has been implementing this sort of infrastructure over the past year. It's hard. With all the IM clients available, getting one system that will handle all the traffic and maintain usability in the face of changing features across the field is hard enough; couple that with long term storage requirements for corporate e-mail where the culture is to send huge attachments around willy-nilly, and add in all the other changing requirements, and the burden to adhere to this new bit of legislation becomes quite a burden.

Couple that with the fact that the company I work for is a regulated utility that has to convince the local PUC each year that costs to provide service continue to go up, and the margins just keep getting tighter. Every year around March, there's a panic call from Accounting asking everyone to contribute some of their budget back to the bottom line because of some new development that wasn't forseen the previous year. For a cash-strapped IT department wanting to provide good service, the problems just mount up, stresses are high, and the employment door keeps revolving.

Re:Massive Pretty Good Privacy

[fossa]

I agree with your sentiments, but I think no one cares about encryption. For what it's worth, freenigma [freenigma.com] provides GnuPG webmail through a Firefox extension and an existing webmail account supported by freenigma (includes GMail, Yahoo, Hotmail, others). I have not used freenigma, but last time I read the docs I got the impression it was not compatible with, say, mutt's PGP/MIME which I use for kicks (I have zero encryption using friends).

One thing that always bugged me about mutt's PGP is that attachments are neither signed nor encrypted. I'm not sure if this is a mutt problem or a general OpenPGP issue, but it is certainly unfortunate. I suppose one is expected to manually encrypt attachments prior to mailing? This might be acceptable, even preferable, if computer interfaces were not so cumbersome.

As for no one caring about encryption, I propose creating an animation for sending email, similar to the Windows file transfer animation with the sheets of paper flitting across the screen. This animation would add dozens of little faces watching the email, with visible text, flit across the screen. An encrypted email could perhaps be represented as a closed envelope.

Re:Nice; tell you about new rules, just not the ru

[nm42]

Keep in mind that many states adopt the federal rules with little or no modification for use in state courts. Within the next few years, these changes will be incorporated into local rules for just about every jurisdiction.

The scariest parts of the new federal rules are:

• 26(b)(2) which says that a party can designate information as "not reasonably accessible". It's supposed to protect companies from having to spend huge amounts of money to restore backup tapes from ancient systems, but it's going to lead to a lot of additional motions (and more attorney's fees) to prove whether the data really is inaccessible.
• The Committee Note for Rule 34(a) states that a party may be required to provide access and technical support to an opposing party for inspecting data (which would include things like a database, SAN, or other systems). Not only do you have to give them the info, you have to show them how to understand it as well.
• There are other scary provisions, but the overall theme of these rule changes are a shift in the timing of dealing with discovery issues. Traditionally, many cases settle or are dismissed before the discovery process (usually the most expensive part of a case) begins. The new rules require the parties to evaluate and discuss these issues within the first 120 days. This means litigation gets more expensive for the big companies (usually a defendant), but the small plaintiffs won't see much of a change, other than getting bigger settlements earlier in the case!

Re:What's next?

[darkmeridian]

The rules only require companies to maintain their normal course of business. The exception is if a company realizes it is going to be sued, or the target of a government investigation. Under those circumstances, the company has to enter into a hold and stop destroying data even if it would have done so in the normal course of business.

Re:Massive Pretty Good Privacy

[neoform]

How hard do you think it'd be for the government to get their hands on those PGP keys if they were stored on google's servers.. ?

Google is a US company and should a court request those keys.. they'd give them.

In house counsel???? WTF?

[tacokill]

He said SMALL business. Most small businesses I know don't have in-house counsel. Hell, many are lucky if they have ANY counsel, even on retainer.

Good suggestion, but way off base for small business.

I have the same problem the GP mentioned and am not sure if this affects us or not. How would you know if you are "subject to federal lawsuits"? EEOC (discrimination) lawsuits would count as federal -- so do I need to address this or not? In theory, everyone is subject to federal suits so should everyone have to deal with this? I don't know.

That is what the GP was asking.

Re:What's next?

[Vellmont]

I'm an admin in a smaller company as you - shared hosted email. If you really want to play it safe, I would say make the responsibility of saving email the responsibility of each user.

It's a good thing you're an admin, and not head of the company. Here's how your scenario might play out it court:

Judge: Email 1 is a reply to email 0, but I don't see email 0. These are all emails to Dwayne. Dwayne, what happened to email 0?

Dwayne: Umm.. I guess I must have deleted it by mistake. I do that all the time. I know we're not supposed to delete email, but this email thing is complicated and I must have hit the wrong button or something.

Judge: Ok, but companies keep backup tapes these days. What happened to them?

Archen: Oh I just decided to leave all that stuff up to the users. I couldn't be bothered with buying more tapes and modifying my backup schedule. The backup tapes get over-written every week, and that email was from 3 weeks ago.

Judge: I see. Well you've obviously in violation of the ruling. I can't hold Dwayne here responsible since these systems are complicated, and data retention should be handled by someone specially trained. But since you made the decision, I'm holding the entire company responsible and fining you 1 million dollars. I'm also recommending to the federal prosecutor you be charged with obstruction of justice Mr. Archen. Destruction of data also won't help the case against you.