E-Discovery at School: Lost E-mails & Erased Hard Drive

Electronic Record Retention at Educational Institution


Needed Litigation Hold Before Lawsuit Filed


Since adoption of special amendments to the Federal Rules of Civil Procedure (FRCP) in late 2006, the field of e-discovery law has grown more dangerous for all enterprises. Recent cases show courts are serious about expecting litigants to possess and be able to find their e-mail and other electronic records.

===



A case in point is Jane Doe v. Norwalk Community College, a garden-variety lawsuit brought against a sympathetic public institution. It illustrates how expensive e-discovery issues can be for even a well-meaning public enterprise that fails to keep good, centrally-managed e-mail records.

Student Allegation

A student alleged that a teacher at Norwalk was making sexual advances toward her. Faculty members discussed the allegations by e-mail, and police opened an investigation in February 2004. The teacher in question left the college.

Then in November 2004 the student sued the college and demanded under the litigation rules of discovery that the college turn over all relevant e-mail records. The college was not forthcoming, so the student hired a computer forensic expert who examined the laptop that had been issued to the teacher. The expert claimed the college had destroyed electronic evidence. He showed that the college possessed 500 e-mails from the relevant time period belonging to a certain teacher who knew about the allegations, but the college could not produce this teacher's e-mail concerning the allegations.

The college's IT manager tried to explain to the judge what happened. He told the court that the college did not intentionally destroy anything, although he admitted that after the suspect teacher left, the college followed its usual policy of cleaning the hard drive of the laptop belonging to the teacher so it could be given to another employee. The cleaning was a well-intentioned policy to protect the privacy of student information and to prevent unauthorized access to the college's IT infrastructure. Further, the IT manager said some records may have been overwritten in the ordinary course, and some records may have been lost due to computer error.


Court Not Persuaded
The college did not persuade US District Judge Janet C. Hall. The judge said the college should have preserved all evidence relating to the suspect teacher from the beginning of the police investigation in February 2004. What's more, the judge did not believe the college's explanation for why e-mails could not be found. The judge found that Norwalk was "at least grossly negligent, if not reckless" in its failure to preserve electronic records. As a consequence, the judge ordered the college to pay the student's costs in pursuing e-discovery from the college (i.e, the costs of hiring the forensic expert). Moreover, the judge ruled that when this case goes to trial, the jury will be told that the college destroyed or mishandled records that would have supported the student’s side of this case. Thomas B. Scheffey, "Erased E-Mails Return as Sanction in Harassment Case," August 27, 2007, The Connecticut Law Tribune.

This latter sanction carried severe implications for the college. It increased the likelihood the institution would lose the case and have to pay sizable money damages to the student. In fact, this small college eventually settled the case for $765,000, plus a commitment to provide all employees with training on harassment. Lisa Chamoff, "NCC settles sexual assault suit for $765K," February 29, 2008, The Norwalk Advocate.


Lesson
If the college had possessed more complete and better organized records at the outset, it would not have found itself at such a disadvantage in court. Litigation trends suggest that any enterprise is wise to be generous in the retention of e-mail by decision-makers and to be capable of easily finding and searching the more recent records. A prudent course would be for the enterprise to implement a central e-mail archival system. --

Mr. Wright teaches the law of data security and investigations at the SANS Institute.