Will Destruction of Collaboration Archives be Treated as Spoliation?
Subpoena for Records of Business Social Networking
Office collaboration software such as Zimbra, Zoho and Google Docs enables people to work jointly on the creation of documents, and talk (e.g., via comments and instant messages) as they work.
Similarly, social networking sites such as Ning allow teams to condense the time needed to complete a project. An engineer told me that a corporate customer recently insisted that his company collaborate by way of a private social networking site because it would be so much faster than e-mail.
As professionals make greater use of collaborative tools or social sites to negotiate business and legal transactions, there will be lawsuits. Lawsuits are an inevitable byproduct of business interaction. A lawsuit is a kind of investigation. The investigation wants to learn who said what and when did they say it. To that end, a lawsuit always seeks to uncover all the records, including especially electronic records.
A new source of records will be all those related to the different stages of collaborative interaction as messages, documents and transactions were assembled. A coming topic of e-discovery in court will be access to the records (archives) stored in connection with Zimbra and similar products. Instinctively, lawyers will advise corporate clients to destroy the archives of a collaborative project when the project is complete.
Destroy the Records ASAP?
That type of advice has precedent. When lawyers first encountered e-mail, they advised their clients to destroy e-mail records as soon as possible. However, the instinctual advice makes me uncomfortable. The legal system has been punishing enterprises for destroying their e-mail too early. I foresee the legal system meting out the same punishment when enterprises are too quick to delete archives of the interaction during a collaborative project.
A side issue with collaboration records is whether they will reside in-house with the record owner, or be hosted by a third party (the "cloud"), such as acrobat.com. If the final records of a business negotiation are in the hands of a third party, an adversary can try to subpoena them directly from the third party (or obtain them with a more aggressive search warrant if the adversary is law enforcement).
In a dispute, the owner of records prefers directly to manage and control the release of records to the adversary, rather than to see them released by a third party. Third party service providers have been known to be too quick and generous in their release of electronic records. See Theofel vs. Farey-Jones, 341 F.3d 978 (9th Cir. 2003), where an Internet Service Provider (ISP) complied with a subpoena (issued by the civil-lawsuit adversary of its business customer) by turning over an excessive number of its customer's e-mail records.
Mr. Wright teaches the law of data security and investigations at the SANS Institute.
P.S. Will CPAs perform unethically if they put account records in the cloud?