Do the New Rules Discourage IT Improvements?

ibmcomputer.jpgDo the new Federal Rules of Civil Procedure (“FRCP”) reward the continued use of outdated computer systems where information is hard to find and retrieve?  Overall, no.  But surprisingly one of the new rules does reward inefficient IT, and it is an important rule at that:  Rule 26(b)(2)(B).  Although it is not the intended purpose of the rule, there is no getting around the fact that 26(b)(2)(B) is a disincentive to IT upgrades designed to improve accessibility to stored information. It does so by providing special protection from discovery to hard-to-access computer data, protection not afforded to any other type of digital evidence.

Fortunately for hardware and software vendors the impact of this one “pro-Luddite” rule is outweighed by the terms of the other new rules, primarily Rules 16(b) and 26(f).  They require a party in federal litigation to very quickly identify, preserve, search, and produce relevant computer data.  The new FRCP timelines established by these rules cannot be met by businesses unable to quickly access the high volumes of electronic records stored on their computer systems.  For that reason, the overall impact of FRCP, despite Rule 26(b)(2)(B), supports the upgrade and migration of IT systems to improve information accessibility.  A company in litigation today must be able to quickly and efficiently locate and retrieve information relevant to the dispute. It is foolish to continue to use outdated technology where that is often difficult, if not impossible.  In fact, that can often make the difference between winning and losing a lawsuit.  That is why many companies are now moving away from unsearchable backup tapes, to new searchable tape systems, archiving, live mirroring, or other solutions.  That is also why they are investing in software to more efficiently search and preserve information, especially emails.

Rule 26(b)(2)(B) FRCP goes against this trend and provides some small comfort to procrastinators who put off these needed upgrades.  This rule actually encourages inefficient IT because it places hard-to-find computer data off limits from discovery, absent a special showing of good cause not required for all other computer evidence.  In other words, if you store computer data so that it is hard to access, then, as a general rule, when you are sued, this information is, to a large extent, exempt from discovery. Unlike other relevant computer information that is stored efficiently, so that it can be reasonably accessed, if information is very difficult to access, then you do not have to access it at all. You do not even have to search it to see if it contains relevant evidence, and so, of course, you also do not have to produce it. You just have to disclose that it exists, and explain why it is hard to get to. Then it is up to the requesting party to try to persuade the court that special circumstances exist to justify the burden and expense of discovery.  This is a so-called “two-tiered” system of discovery, with “not reasonably accessible” data requiring a second-tier of good cause proof to be discoverable.

Here is the full text of Rule 26(b)(2)(B):

(B) A party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost. On motion to compel discovery or for a protective order, the party from whom discovery is sought must show that the information is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C). The court may specify conditions for the discovery. (emphasis added)

Information considered by the law to be “not reasonably accessible” and thus protected from ordinary discovery by this rule includes backup tapes, “legacy data,” and “double deleted” files.  By “legacy data”, I mean information stored on hardware or requiring software that is no longer used or easily available. By “double deleted” files, I mean files no longer listed in FAT, but still located on a hard drive or other storage device because they have not been written over yet by new information. (For more on what I mean by “double deleted” as opposed to single deleted, see the Blog entry of June 2, 2007.)

The “pro-Luddite” aspect of FRCP inherent in 26(b)(2)(B) seems to have escaped the notice of most IT commentators and vendors, especially those in the information storage and retrieval field.  They promote the idea that compliance with FRCP requires companies to upgrade their IT systems.  They affirm that FRCP now mandates businesses to make all of their computer data reasonably accessible, especially their email, which is the primary focus of discovery in most lawsuits.  To read all of the hype in this area, you would think that the new FRCP contains provisions requiring specific technology improvements, such as archiving of email. 

They do not, and in fact, as you can see by the terms of Rule 26(b)(2)(B),  this rule protects old, inefficient systems.   It serves to put information that is not reasonably accessible – that is, information stored in a manner that is burdensome or expensive to retrieve – outside the scope of normal discovery.  Therefore, in that way, Rule 26(b)(2)(B) rewards a company that maintains its data inefficiently by excluding that data from discovery.  The company is saved from the expense of preserving or searching for that kind of data.  To put it simplistically, you do not have to produce what you can’t easily find. So, why make anything easy to find? If you do, you just make it discoverable. Following this argument, the best strategy to avoid the high expense of e-discovery is to store your company’s business information in sources that are not reasonably accessible.  This is what I call a Luddite strategy of “deliberate inaccessibility”.  

Although I do not agree with this strategy for reasons I will explain below, I recognize that the argument does have some merit. I think this aspect of FRCP should be openly discussed, and not just swept under the rug.  In fact, this language in 26(b)(2)(B) is, in my view, and others, one of the most significant weaknesses in the new rules, and will cause problems for years to come. See Garrie, Armstrong & Burdett, Hiding the Inaccessible Truth: Amending the Federal Rules to Accommodate Electronic Discovery, 25 Rev. Litig. 115, 2006.  As Garrie, Armstrong & Burdett point out in another law review article on Sarbanes-Oxley and e-discovery, the Zubulake decisions have the same technology-chilling effect in so far as they place a special burden of cost-sharing on a party seeking discovery of inaccessible data, including legacy data and backup tapes.  

Zubulake thus creates a perverse disincentive that prevents companies from investing in more efficient data storage technologies, because parties with efficient storage systems are generally forced to produce more digital documents than parties using legacy storage systems. Although companies eventually may determine that the need for a newer storage system exceeds the risks posed by broad electronic discovery, litigants should not be forced to weigh potential adverse legal consequences against the benefits that could be realized by investing in appropriate systems for their business needs. (footnotes omitted)

Electronic Discovery and the Challenge Posed by the Sarbanes-Oxley Act, Garrie & Armstrong, Electronic Discovery and the Challenge Posed by the Sarbanes-Oxley Act, 2005 UCLA J.L. & Tech. 2, Para 13.

Other commentators acknowledge the problem, but then dismiss it too easily by stating that courts will see through any fraudulent schemes to hide evidence in inaccessible systems. This argument assumes fraudulent intent.  For authority these commentators usually cite the Rambus saga of cases.   Rambus, Inc. v. Infineon Tech. AG, 220 F.R.D. 264, 284 (E.D. Va. 2004); Rambus, Inc. v. Infineon Techs. AG, 155 F.Supp.2d 668, 680-83 (E.D.Va.2001); Rambus, Inc. v. Infineon Techs. AG, 222 F.R.D. 280, 286 (E.D.Va.2004); Samsung Electronics Co., Ltd. v. Rambus, Inc., 439 F.Supp.2d 524 (E.D.Va., July 18, 2006). These cases expose the deliberate actions by Rambus to change its record retention policies and physically destroy evidence in anticipation of bringing patent litigation. (See my Blog of March 3rd, 2007 for further discussion of this interesting case and the employee “shred days.”)  

This kind of facile response – “don’t worry about 262(b)(2)(B) because the courts will pick up on any fraud” – begs the question.  Obviously if a company moves all of the data it does not want found into a legacy system before filing suit, instead of just destroying it as in Rambus, then this is a fraudulent scheme and will likely be exposed.  But this does not address the more realistic scenario of a company that simply continues the status quo of maintaining old systems with unreasonably accessible data.  It does not address the non-fraudulent scheme.  The strategy of “deliberate inaccessibility” is not necessarily fraudulent. In most cases it will more likely be driven by procrastination and short-sighted thinking.

Again, to reiterate, I do not think a company should follow this kind of strategy of inertia.  A company should not put off upgrades to their IT systems to make more information accessible, just because this might take the information out of the protection of Rule 26(b)(2)(B). The strategy of inaction is too risky. Businesses should improve their IT systems, especially email, and move away from old technologies that are hard to search.  Everyone, especially businesses involved in frequent litigation, should move towards making their information retrieval more efficient and reliable.  I think they should do so both for business purposes, and for litigation readiness purposes. But it is not a simple black and white matter of compliance with FRCP as some contend. The reality is, FRCP is a mixed bag, and companies should act now to improve information accessibility primarily for business and records management efficiency reasons, and only secondarily because of litigation.

Even from the litigation perspective alone, a full risk analysis counsels in favor of technology improvement, not status quo.  Attempts to rely on 26(b)(2)(B) to protect data from discovery by using obsolete storage, such as tapes and legacy systems, are too risky.  The risk is unacceptable because the exemption of inaccessible data from discovery is in turn subject to a second-tier “good cause” exception.  The vague “good cause” exception allowing discovery is not defined by the rules.  Under this second-tier analysis a court can require the production of even inaccessible records, regardless of how much burden and expense this may cause.  This is an unacceptable risk because the expenses in a situation like that can be enormous.  Costs of  three million dollars in just five months are not that unusual.  See Kentucky Speedway, LLC v. NASCAR, 2006 U.S. Dist. LEXIS 92028 (E. D. Ky. Dec. 18, 2006). It is true that a court has discretion to shift some of these costs onto the requesting party, but you cannot count on that.

Good cause for discovery of inaccessible data can be shown in any number of ways, depending in large part on how the governing judge views the case and the discovery sought.  The Rules Committee Commentary specifies some of the factors they think a court should consider in finding “good cause”.  These are suggestions only, and are not binding on any court.  These Commentaries are quoted in full in the Rule 26 Page on the top of the Blog.  Here is my summary of the factors the Committee suggested be considered to decide whether there is good cause to allow discovery of “not reasonably accessible” information:

1. The specificity of the discovery request.

2. The quantity of information available from other, more easily accessed sources.

3. The failure to produce relevant information that seems likely to have existed but is no longer available from more easily accessed sources.

4. The likelihood of finding relevant, responsive information that cannot be obtained from other, more easily accessed sources.

5. Predictions as to the importance and usefulness of the requested information.

6. The importance of the issues at stake in the litigation.

7. The parties’ resources.

It is a long list, and not exclusive, and everyone knows that it will be one of the most heavily litigated parts of the new FRCP for many years to come.

Since the good cause exception is so general and vague, not to mention hard to predict, it is foolish to keep information in the dark based on the hope that it will, for that reason, never be subject to discovery.   You never know when a court may require you to search in the dark at great expense. 

Also, and even more importantly in my opinion, that is no way to run a business or manage records.  Why keep information if you don’t want it, and can’t use it?  It might all come back to haunt you some day (just ask Morgan Stanley), and in the meantime it costs money to store. The best solution to an archaic computer system is to throw it out, and upgrade.  The best solution to archaic information is to throw it out, period.   If there is no valid business purpose or legal requirement to save records, then destroy them.  Don’t just save information because you have the ability to do so.  That is a natural pack-rat tendency of most IT departments, and the one that annoys lawyers the most.  Of course, don’t act rashly either.  Think long and hard, and be sure that you don’t need the records.  Then take the time to purge and destroy, and do it the right way.  Follow the guidelines of Rule 37, document everything, and so protect against any later spurious charges of spoliation.

2 Responses to Do the New Rules Discourage IT Improvements?

  1. TC Makinen says:

    I don’t think any company could support archaic/legacy systems for very long, especially if their only motivation was data inaccessibility. They would face too much pressure from other stakeholders (e.g. internal business units wanting tools to improve productivity; executives wanting newer technology to enhance the company’s image; etc.).

    Like

  2. Ralph Losey says:

    I agree, it is a stupid strategy. But, due to mergers, many cos have legacy systems, and especially legacy data, by default, not strategy. Rather than destroy the data and systems, they tend to just hang around, unused. Like I said, some in IT don’t like to get rid of anything. The reasoning is that perhaps someday they may be needed or useful. The downside of e-discovery exposure is not even considered by IT. So it is out of sight, out of mind, until an e-discovery request comes along, and they become a problem, perhaps a big problem. You have to disclose them, and run the risk of having to search and produce if the requesting party succeeds on the second-tier.

    Like

%d bloggers like this: