On April 13, 2006, the US Supreme Court approved amendments to the Federal Rules and Civil Procedure to treat electronic documents in the same manner that paper documents have been treated in the discovery process. The changes went into effect Friday December 1, 2006 and force companies to have email, instant messages, electronic chat correspondence, and other forms of electronic documents and communications available when requested for federal trials. State and local jurisdictions may use the new rules as a guiding set of principles.
Although the changes to the FRCP do not articulate a specific penalty for violation, companies who’re unable to produce electronic documents during litigation could suffer losses, be unable to prove a claim, or could result in contempt of court rulings or technical violations.
This has practical application and real significance upon IT data archive and retention policies. For example, in my experience as a technology director, in the past, I would advise corporations to develop control policies that permanently deleted email records after 45-day time frames. The court would defer to our own data archive and retention practices to justify the reasonable duration for retaining such records, meanwhile, allowing the corporation to naturally expunge potential email evidence that could be requested during discovery. This action wouldn’t be criminal, it was practical: doing so limited the scope of liability for the company and the complexity of the data archive. If the data was unavailable based on our own policies, then they were reasonably unavailable for discovery.
Now, following the December 1 changes, this can no longer be recommended. These rules confer an obligation to disclose electronically-stored information and retain these records as we would paper records of similar content. Even legal holds in discovery now apply to electronic records which can force companies to preserve e-records in advance of audits, investigations, or litigations. In short, the legal landscape has changed and companies must be prepared to review their data retention and archive procedures for a major overhaul in 2007. Companies should:
1. Review their data classification policies to identify electronic forms of communications that fall under the new e-discovery guidelines. Time frames for retention, responsibilities for access, destruction guidelines should all be stipulated. This has even more significance if the company falls under HIPAA, GLB, FERPA, and other forms of protected personal private information (PPI) regulatory procedures.
2. Adjust their data archival and retention policies to reflect new expectations for data lifecycle. This would include first-round data backup procedures for business continuity, then second-round data archival for business continuity, then third-round procedures for historical preservation. The connection between the classification policy and the retention policy should be clear: classification identifies the data to be handled and sets guidelines for its handling; retention and archival policies execute technical procedures to reflect classification mandates.
3. Review and adjust business continuity and disaster recovery policies to restore specific forms of data outlined in the data classification policy following a disaster event.
4. Review media destruction processes and establish a clear record for media serialization, retention, and destruction, as a part of the retention and archival policy.
In summary, the business should demonstrate a clear line of management intent that:
1. Identifies information and data sources considered as reasonable targets for discovery;
2. Sets clear policies on how to use, retain, preserve, and destroy such information and data sources;
3. Sets unambiguous procedures that execute the classification, retention, and archive policy.
| 
