On Mar 18, 2005, at 6:08 AM, JESSE WILKINS wrote:
> In the US there is some discussion over the idea that electronic
> records
> that have been deleted should be treated similarly to those analog
> records
> that have been shredded or taken to the dump. In other words, just
> because
> there exist technologies that can forensically recover records does
> not mean
> that should be the norm.

Discussion yes, but far from agreement I'm afraid.

> The Sedona Conference is in the process of
> finalizing guidelines that argue for treating deleted records as
> unrecoverable and unresponsive to litigation except in those instances
> where
> there is question of destruction of evidence.

At a Glasser Legal Works seminar and in a FIOS webinar, there has been
much discussion of this area of litigation related to evidence
discovery, determining intent of the destruction and who should bear
what portion of the costs.  As you mention about Sedona and the
FRE/FRCP, there is ongoing discussion about what the final outcome will
be, but as long as there are lawyers, plaintiffs, defendants and
judges, it may be  aLONG TIME before an agreement can be reached
regarding "intent" when data has been destroyed.  That delves too deep
into the human aspects related to managing data and designing specific
protections in the system which limit the manipulation of data to a
chain of custody type traceable process.

> The US Federal Rules of
> Evidence and Federal Rules for Civil Procedures are similarly
> considering
> this question. On a related note, both Sedona and the FRE/FRCP are also
> considering rules that would identify backups as just that, allowing
> for
> much shorter retention periods (only the time required for business
> continuity purposes) and not requiring their provision for discovery,
> again
> unless evidence of spoliation exists.

I agree that this IS the case with backups and that it may come to pass
much sooner that backups will be identified simply as a means of
recovering a system in the event of a catastrophic data loss,
especially since most backups are simply serial collections of data
that are relatively unintelligible on their own.  Costs associated with
requiring organizations to recover data from a backup tape should be
left to extreme incidences  where spoliation can be directly proven,
and in these instances, the organizations would likely have been
thorough enough to have also destroyed them anyway.

> I don't know that this is strictly pertinent to you, however I bring
> it up
> because it is a means of addressing the staggering costs (both money
> and
> time/effort) of responding to requests for discovery of electronic
> information.

I also think there are potential ways of dealing with these situations
through organizational policy and data capture procedures, and still
meet the requirements of the law.  Naturally, they would involve
modifications to business practices and additional hardware and media
costs, but you could establish guidelines within your systems to write
like-period retention objects to common media, thereby eliminating the
need to expunge data from platters with mixed retention requirements.
The backups of these platters would also carry records of like-period
retention.  At the time the records on the platter reach their required
retention, the platter could be destroyed. Any specific records
included on it that are impacted by a moratorium of destruction,
involved in a legal matter, or identified as having any historic,
intrinsic or  enduring value beyond the legal requirement for retention
to an organization could be re-written to another form of media.

This would naturally make the day-to-day management of the data a bit
more costly, but it would alleviate any concerns of wrongdoing when it
comes to manipulation of the data, and the system is designed to meet
business needs and satisfies disaster recovery concerns well.

Larry Medina