Tagged: email

5 Questions about Information Governance in 5 Minutes: What’s The Best Way to Fail at Information Governance?

Here is the fourth video in our five-part series where I asked 30 Information Governance experts the same question, then produced a 5 minute video of their responses. As you watch the series, it is very interesting to see the common threads that weave through the answers, depending on the role and the type of organization the interviewee comes from.

This Message Will Self Destruct. Or Will It?

Update: Interesting article from NY Mag claiming that SnapChat is, “absolutely blowing up right now” on Wall Street because “the chances of incriminating material ending up in the hands of a boss or a compliance officer – or in a Daily Intelligencer story, for that matter – are low.”

————

This weekend I was finishing up my next opinion piece for the fine Law Technology News. My piece is about how making more and more data “easily accessible” is both essential for Big Data to fulfill its promise and also a huge risk to privacy, intellectual property, and so on. Look for that in the next issue.

Part of what inspired me to write about this was the success of Snapchat, a mobile app that lets users “chat” using photographs instead of text. Neat idea, but the twist is that the images automatically disappear after 1-10 seconds (the time is set by the sender). As  you would imagine, Snapchat has gained a reputation as a teenage sexting tool, despite some indications otherwise. I set it up to see what all the fuss was about, and cajoled my wife to install it as well. Frankly I would say that any service that automatically deletes any self-portrait I have taken after turning 40 is doing me a huge favor. Anyway, Snapchat was quickly copied by Facebook, with its Poke application, although Poke seems to be less popular than Snapchat to date.

I did some more digging around in this space, and it turns out there are a number of startups focused on so-called self-destructing messages. For example:

  • Vaporstream offers “secure recordless messaging” technology aimed at enterprise users
  • A startup involving Phil Zimmerman, crypto-hero and creator of PGP, called Silent Circle offers secure mobile voice and messaging, including “burn notices” for text messages
  • Burn Note: self-destructing email
  • Wickr: self-destructing texts, pictures, video
  • Gryphn: self-destructing text messages, with screenshot capability disabled
  • Privnote: web-based, self-destructing notes
  • Tigertext: enterprise-focused secure texting with message timers
  • Burner: temporary phone numbers for calling and texting (hat tip to Bill Potter at The Cowen Group for pointing me to the last two on this list)

The category of “disappearing email” has been around at least since the late 1990s. In that era, a company called  “Disappearing Inc.” got a lot of attention, but was not successful. A similar company called Hushmail from that era is still around, but suffered from some bad press when email that users thought had been “disappeared” was turned over in the course of a lawsuit. In any case, neither company ushered in a new era where email automagically goes away. However, given this new crop of startups, I wonder: were these 90s companies ahead of their time, poorly managed, or just a bad idea?

On the corporate side, I don’t see a large appetite for this kind of technology. I have had this conversation with clients many times, and although they love the idea in concept, they are very worried that using the technology will create the appearance of evil (just as the first thought we naturally have about Snapchat is that is must really be for sexting). Executives in particular feel that the use of the technology creates the impression of having something to hide. Perhaps if email had had this capability from the beginning, the risk would not be there. Corporate culture is conservative by nature, and no company wants to draw attention to itself in this area.

This fear is not without justification. Many general counsels are fearful of deleting any corporate email messages at all, which is why many of the world’s largest and “well-managed” companies have hundreds of terabytes of old email sticking around.  Remember that in the world we live in, prosecutors sometimes chastise companies for not keeping all their messages forever because, after all, tape storage is “almost free.” There certainly is a case to be made that spoliation fears are generally overblown, given the number of times spoliation actually leads to a a fine or judgement, but the fear of throwing away the wrong thing is not groundless. Getting rid of junk defensibly requires a logical, justifiable process.

Unless an organization is in a highly classified environment, I think most general counsels and their litigation partners would tremble at the thought of explaining why most of the company used “normal” email but their executives/salespeople/take your pick used “special” email that disappears. It does not pass the smell test. Selective use is problematic.

On top of that, you have users who find operational benefit from having records of their business activities in email. You also have the emerging world of Big Data, where email in aggregate potentially has big value if you get it onto Internet-scale infrastructure and point the right tool at it.

In any case, check out the full piece when it runs in the next issue of Law Technology News.

Author: Barclay T. Blair

Updating Our Information Governance Survey

Building off of the Information Governance survey we did last year, eDJ Group and my firm, ViaLumina, are conducting another survey on Information Governance, and we would really appreciate your participation. This survey should take 5 minutes or less. As a thank you for participating, you will be entered into a drawing for a $250 gift card.As a reminder, I have included below some of the most interesting infographics that we generated based on our last survey – please feel free to steal them and use them in your presentations (with proper attribution of course) as you build your case for Information Governance.

Defining Information Governance

Is Autoclassification the Future of Information Governance

How well do you understand your email system? Litigation is not the time to find out.

“Had [outside counsel] fulfilled his obligation to familiarize himself with GFI’s policies earlier, the forensic searches and subsequent motions would have been unnecessary.”

In re A & M Fla. Props.[i]

1.1     What happened?

Two companies agreed to a $41 million real estate transaction. However, before the transaction closed, the sellers refinanced the properties in such a way that the buyer would have to assume the seller’s loans. Litigation ensued, with the buyer claiming this maneuver violated the terms of the deal, and the seller claiming that the buyer knew about this upcoming change all along. As such, email messages between the parties during the transaction became critical.  However, in the course of discovery, the buyer and their lawyer repeatedly failed to fully search and produce email evidence, and failed to do so in a timely manner. As such, the court fined the buyer – and its lawyers.[ii]

1.2     What went wrong?

The failure to promptly and comprehensively produce required email evidence in this case appeared to come down to a failure on the part of the buyer’s lawyer to fully understand how his client’s email system worked, i.e., where, how and for long email messages were stored. The lawyer also appeared to have little knowledge about the contents of his client’s email policies. Although responsive messages were eventually produced, final production took over 22 months, and was ultimately the basis for the court’s sanctions. In the court’s view, “while the delays in discovery were not caused by any intentional behavior, [the buyer and their lawyer’s] did not fulfill [their] obligation to find all sources of relevant documents in a timely manner,” and thus sanctions were warranted. In this case, it appears that the delays were exacerbated by a series of issues, including:

  • Messages that employees moved to archive and deleted items folders were not initially searched, although such messages remained on the email system.
  • The sellers questioned the efficacy of the buyer’s email production efforts, as the sellers had several messages in their possession from the buyer’s employees that the buyers had not produced.
  • Even when a forensics expert was hired to conduct further investigation into responsive email, he was not told about the archive folders, and thus did not search them. Subsequent searches of the archive folders revealed thousands of additional responsive messages.

1.3     What can we learn?

The time to learn about the intricacies of your email system is not during litigation. The buyers in this case dodged a bullet of even more severe sanctions including the complete dismissal of the case. Their lack of knowledge about their own email system caused them to inadvertently flirt without outright spoliation, which would not have helped their cause in the face of a judge already tired of the frequent production delays.

We can draw an important lesson from this case. In this example, the sellers produced messages sent to them by the buyer, yet according to the court, the buyer failed to produce those same messages. This understandably raised serious questions about 1) the efficacy of the buyer’s information governance program, and 2) whether or not they were intentionally hiding these messages, as the seller claimed. This teaches us that even small failures in one area of our information governance program can cast all of our efforts in a bad light and reduce the persuasiveness of our case.

Other lessons from this case include:

  • Formalize and document. Ensure that the operation of your email system is fully and accurately documented. This includes practices related to the retention, preservation, and deletion of email from the system and related systems including those responsible for backup, archiving, and records management.
  • Work with your email experts. Ensure that email administrators provide the information that senior IT management needs to understand the email system, and that this information is understood by counsel.

 


[i] In re A & M Fla. Props. II, LLC, 2010 WL 1418861 (Bankr. S.D.N.Y. Apr. 7, 2010)

[ii] At time of original writing, the amount of the fine had not been agreed upon nor published, but it would be based upon the cost of forensic search, costs for bringing various motions, etc.