Electronic Discovery Policy
FunHRBanker
562 Posts
[font size="1" color="#FF0000"]LAST EDITED ON 02-19-07 AT 11:32AM (CST)[/font][br][br]Does anyone have an Electronic Discovery Policy they're willing to share?
Thanks!
Thanks!
Comments
[font size="1" color="#FF0000"]LAST EDITED ON 02-19-07 AT 04:58 PM (CST)[/font]
I am assuming you are not talking about "discovery" as it pertains to producing company records in litigation matters. Instead, I take your question to relate to the monitoring of electronic communications or documents. If so, maybe my company's policy (which also covers telephone monitoring) may be of use. This is the relevant excerpt pertaining to electronic monitoring:
- Monitoring Electronic Documents. All information produced by or residing on X's electronic systems is considered to be the property of X. To ensure that any electronic media owned or operated by X is used only as permitted, X reserves the right to access and monitor activity levels, and further filter, inspect, or perform audits of electronic documents and other information residing on or transmitted through X's computer systems, without notification to the individual. Monitoring involves the retrieval and review of electronic mail (e-mail) and voice mail correspondence, Internet usage, or any electronic documents residing on or transmitted through (X) computer systems. Monitoring activity may occur at any point up to and including the end-computing platform or user terminal.
Electronic Documents. Electronic documents include, but are not limited to, letters, memoranda, e-mail, spreadsheets, databases, proposals, presentations, and diagrams created or saved by employees on their desktop, laptop computer systems, other electronic devices or enterprise servers. As company assets that are used in the daily operation of company business, these records are subject to monitoring, access, and disclosure by the company for any purpose. Electronic documents may be stored directly on the employee's computer, on a server in either a shared or individual drive, or on recordable media, such as diskette and CD-ROM.
Internet Usage. Because the Internet environment is difficult to audit and to ensure standards of privacy and security, X reserves the right to monitor or examine all Internet access by authorized individuals (including outside contractors) to maintain satisfactory network performance and ensure compliance with company policy, as well as legal restrictions.
General or Random Monitoring. Currently, general or random monitoring of electronic communications generally is not conducted by X, but X reserves the right to do so at any time. Monitoring is conducted only by authorized personnel in a manner that supports internal investigations regarding the proper use of X's computing resources and searches for inappropriate use. In the event of incidental discovery of inappropriate content in the course of daily business, Human Resources should be notified.
Requests and Approvals. Requests and approvals for monitoring must be submitted in writing, either by paper document or by e-mail. Approval authorizations are outlined in the Authority Tables at the end of this Business Policy.
Designated Monitor. The person(s) who will perform the monitoring of the electronic communications in question will be designated by the approver, based upon the appropriate skills required for the investigation.
Confidentiality. All incidents of monitoring electronic communications are to be kept confidential and should not be disclosed to other individuals inside or outside of the company.
Prohibitions. Possession and use of unauthorized monitoring software and hardware is strictly prohibited. Unauthorized use of encryption or decryption software or other technology designed to mask or unmask content or activity with intent to avoid monitoring or detection is prohibited.
4. OTHER MONITORING TECHNIQUES. In addition to assuring quality work performance, monitoring and other techniques may be used to investigate workplace problems, suspected dishonesty or other matters related to employment. X also may use employees or third parties to act as customers in order to monitor the quality of service provided. This may be done in person, by telephone, or by other electronic means. The transactions may be recorded. Employees cannot make any recordings without proper authorization from the Human Resources Department.
5. VIOLATIONS. Although searches or monitoring may be necessary from time to time for business purposes, any employee who gains access to electronic resources or other confidential information without proper authorization, or for a purpose other than a legitimate business purpose, will be subject to discipline, including possible termination for the first offense. Further, failure or refusal to cooperate or unauthorized participation during searches or monitoring constitutes gross misconduct and may result in discipline, including immediate termination of employment.
from 1901 to 2007. Soembody please advise me if I am on the wrong track and our company computer policy works. Our existing computer policy is similiar to the one above whcih I will be happy to share if that is what you are looking for.
My understanding is that the rules do not require companies to formulate any particular policy, or to state what their policy is (again, these rules govern the procedures surrounding litigation, not business practices generally, and they apply to all parties in all federal civil cases, not just to businesses, and not just in employment-related suits). The issue is that, where electronically stored information is destroyed or lost pursuant to a "routine, good-faith operation of an electronic information system." So, for example, if your system automatically keeps back-ups for only one month and then deletes the old info, you can't be penalized for that loss of information, as long as there was no threatened litigation at the time. HOWEVER, if litigation is threatened, then the company must take affirmative steps to prevent the information from being destroyed (i.e., stop the backups from erasing every month). Of course, what constitutes "threatened litigation" may be an open question - some might say that any time an employee is terminated there's a threat of litigation. ;-)
In any event, the reason having a specific policy would be useful would be to avoid allegations of purposely deleting or destroying information. The rules don't *require* a company to have a formal policy, but if you don't have electronically stored info a plaintiff is requesting, and it's due to routine destruction of such information, you'll need to explain that. And if you can point to a concrete policy that states that you routinely destroy info after x days, things likely will be easier on you than if a court has to take your word for it (or than if, after five years of keeping every document and computer file, you've suddenly decided to purge everything a few months before a lawsuit is filed). But this isn't the sort of policy that would go in a handbook or anything; it would just be a formalization of whatever practices the company uses regarding its electronic information. Relatedly, it may be a good time to evaluate company policy with respect to electronic information, since if you have something in place regarding the routine deletion of info, you can avoid potentially having to collect and disclose years' worth of electronically stored information if a lawsuit is filed.