WorkGroup Software: e-Discovery and Record Retention

Will Destruction of Collaboration Archives be Treated as Spoliation?

Subpoena for Records of Business Social Networking

Office collaboration software such as Zimbra, Zoho and Google Docs enables people to work jointly on the creation of documents, and talk (e.g., via comments and instant messages) as they work.

Similarly, social networking sites such as Ning allow teams to condense the time needed to complete a project. An engineer told me that a corporate customer recently insisted that his company collaborate by way of a private social networking site because it would be so much faster than e-mail.

As professionals make greater use of collaborative tools or social sites to negotiate business and legal transactions, there will be lawsuits. Lawsuits are an inevitable byproduct of business interaction. A lawsuit is a kind of investigation. The investigation wants to learn who said what and when did they say it. To that end, a lawsuit always seeks to uncover all the records, including especially electronic records.

A new source of records will be all those related to the different stages of collaborative e-discovery in court will be access to the records (archives) stored in connection with Zimbra and similar products. Instinctively, lawyers will advise corporate clients to destroy the archives of a collaborative project when the project is complete.
interaction as messages, documents and transactions were assembled. A coming topic of

Destroy the Records ASAP?
That type of advice has precedent. When lawyers first encountered e-mail, they advised their clients to destroy e-mail records as soon as possible. However, the instinctual advice makes me uncomfortable. The legal system has been punishing enterprises for destroying their e-mail too early. I foresee the legal system meting out the same punishment when enterprises are too quick to delete archives of the interaction during a collaborative project.

A side issue with collaboration records is whether they will reside in-house with the record owner, or be hosted by a third party (the "cloud"), such as If the final records of a business negotiation are in the hands of a third party, an adversary can try to subpoena them directly from the third party (or obtain them with a more aggressive search warrant if the adversary is law enforcement).

In a dispute, the owner of records prefers directly to manage and control the release of records to the adversary, rather than to see them released by a third party. Third party service providers have been known to be too quick and generous in their release of electronic records. See Theofel vs. Farey-Jones, 341 F.3d 978 (9th Cir. 2003), where an Internet Service Provider (ISP) complied with a subpoena (issued by the civil-lawsuit adversary of its business customer) by turning over an excessive number of its customer's e-mail records.

--Benjamin Wright

Mr. Wright teaches the law of data security and investigations at the SANS Institute.

P.S. Will CPAs perform unethically if they put account records in the cloud?


  1. Online collaboration tools like Zimbra, Zoho and ContactOffice can create extensive online archives of corporate documents, edits, negotiations and transactions. The archives could well be stored in the hands of a third-party service provider (like Yahoo, the owner of Zimbra).

    When archives are in the custody of a third-party, they are potentially entitled to less confidentiality than would be the case if they were in the hands of their owner. Legally, it may be easier for for a public or private investigator to access them via subpoena or search warrant, without timely notice to the archive owner.

    Corporate users of online collaboration tools may therefore be wise to embed confidentiality notices in their online archives (similar to confidentiality notices at the bottom of corporate e-mails). The notices might confirm to investigators that the archives contain trade secrets and that the investigotors contractually agree to honor the confidentiality and security of the archives.

    Effectively, such notices might be like end-user license agreements (EULAs) for the archives. See similar ideas at and

  2. Humble prediction: The legal system will also come to expect corporations to retain archives of digital teleconferences and telepresence sessions.

  3. In the article above, there is a statement that the courts are "punishing" corporations for destroying their email "too early". Can you provide any examples of what you are describing. Generally, nothwithstanding a discovery or an anticipated litigation, an organization with a stated disposition policy that regularly follows that policy (including that covering email)and performs disposition as a normal and regular part of its business operations has been found to be acting responsibility (by the courts). Where do you find opinions that differ? Thanks.

  4. Thank you for the comment. This is a big topic worthy of much discussion. You asked for cases. We can start with the Arthur Andersen case, discussed at

    Andersen had a very carefully-written retention/destruction policy, covering both e-mail and other records. Its policy was implemented by highly-educated professionals (CPAs supervised by top partners at one of the most reputable professional firms in the world). With respect to the application of that policy to client Enron, Andersen was being advised by a highly-qualified Harvard-trained lawyer, Nancy Temple.

    Like any well-written policy, Andersen's policy envisioned a "litigation hold". Qualified professionals (i.e., the partners in charge of the Enron account, working from spoken and written advice from Ms. Temple) deliberated on the question of what the firm's retention policy required with respect to the retention/destruction of Enron-related records (including e-mail) at time in question (i.e., August - October 2001). The professionals interpreted the policy to require destruction of records, including e-mail. The professionals believed they made their interpretation in good faith. So they implemented the policy by destroying records during that time period.

    Their implementation of the firm's policy did not look good to a federal jury. The jury concluded that implementation of the policy was criminal obstruction of justice. Result: the legal system destroyed Andersen. To say it differently, the courts punished Andersen severely for destroying e-mail too early – even though Andersen was just implementing its carefully-written policy as interpreted, after deliberation, by highly-qualified, attorney-advised, professionals.

    There are other cases, but Andersen is an important one to start with.

    What do you and others think? –Ben

  5. See my blog post (and comments below the post) for more cases punishing enterprises for early e-mail destruction: