The Sedona Conference, a non-profit research and educational institute dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation, and intellectual property rights, now provides guidance on the disposition of physical and electronically stored data with publication of Principles and Commentary on Defensible Disposition (Public Comment Version, August 2018), and is seeking public comment.
In 2014, The Sedona Conference issued its Commentary on Information Governance Guidance which provided (in Principle 6) that “effective, timely, and consistent disposal of physical and electronic information should be a core component of any Information Governance program.” (The Sedona Conference, Commentary on Information Governance, 15 SEDONA CONF. J. 125, 146 (2014) At that time, little guidance was offered on what constitutes “effective, timely, and consistent disposal.” The Comment to Principle 6 provided that “if there is no legal retention obligation, information should be disposed as soon as the cost and risk of retaining the information is outweighed by the likely business value of retaining the information.” (p. 147)
It is clear when there is pending litigation, or the reasonable anticipation of litigation, companies and organizations have a duty to preserve electronically stored information relevant to the matter. (See Fed. R. Civ. P. 37(e)). A duty to preserve may also arise under federal or state statute, regulatory obligation, foreign law, or business contract.
However, understanding when data can be defensibly disposed (or destroyed), absent an affirmative duty to preserve, is less obvious. The new Principles and Commentary on Defensible Disposition help an organization determine what should be considered when preparing disposal guidelines. In particular, a disposal (or data destruction) program must consider the risks and costs of retaining data weighed against the value of continued retention. According to the Principles of Defensible Disposition, with the costs of storage of data continually going down, it may be easier to conclude that it is a safer choice to store more data than is necessary, in the interest of being cautious. However, the authors point out that data multiplies exponentially in the ordinary course of business and can easily become petabytes or more of stale or unnecessary information. Increased volumes of data can slow down company systems and employees searching for needed information. Additionally, in the event of a security breach, governmental investigation or litigation, retention of unnecessary electronic information can significantly increase the cost and burden associated with these matters. For example, in a security incident, breach notification requirements and more will likely increase. Similarly, in the case of litigation or government investigation, discovery costs will increase when excessive amounts of irrelevant data are included in processing, searching, and reviewing for production.
There is no one-size-fits-all approach to defensible data disposition or destruction, and each organization’s guidelines should be tailored specifically to their industry and specific needs. However, it is clear that data disposition and destruction are a vital component of a sound Information Governance program. A summary of The Sedona Conference Principles and Commentary on Defensible Disposition is available here.
For information regarding deletion or destruction of electronic data in a forensically sound manner, please contact us at info@bit-x-bit.com or call 412-325-4033.