The Cost of Risk: Watch what you write

You face a lawsuit over an accident. Your driver clearly made some mistakes, but the plaintiffs attorneys haven’t found any basis for a negligence claim against your company. So settlement talks are under way. Then as part of the discovery process, a computer forensics expert unearths a deleted e-mail exchange on the day of the accident between your operations manager and the driver’s dispatcher to the effect that the driver wasn’t feeling well, but it was a “hot load” so he needed to take it. Uh-oh. It turns out that the e-mail exchange wasn’t deleted until after the lawsuit was filed. Big uh-oh.

In the world of computers and the Internet, privacy is largely an illusion. When the Justice Department sued Microsoft for wielding monopoly power, the government bolstered its case by introducing incriminating e-mails sent by various Microsoft managers – even Bill Gates himself. The lawsuit didn’t have disastrous consequences for Microsoft, of course. Rather, what’s noteworthy is that this is the world’s most powerful computer-related corporation. More than anyone, Microsoft managers should have known that electronic documents leave a trail that’s far harder to cover than a trail of paper.

The problem wasn’t that Microsoft managers were ignorant of the technology. Instead, like the operations manager and the dispatcher, it simply never occurred to them that what they said might end up in court.

Deleting e-mails and files and emptying PC “recycling bins” isn’t enough. Copies of documents may reside elsewhere on the computer, and copies of e-mails as well as documents may reside in network and e-mail servers that might even sit in a room hundreds of miles away. Even if the document can’t be recovered, a computer might log its previous existence, and that alone could be trouble.

Also be careful of what you post on your website because you may live with it forever. For example, a website known as the Internet Archive (website) hosts a feature called the Wayback Machine. Type in your company’s URL, and chances are you will find several versions of your site each year for a number of years into the past.

Technology is a double-edged sword. Following natural disasters – or just periods of stupidity and neglect – companies have been able to use software that helps them recover lost data, but the same software tools can help computer forensics experts piece together data and files that might have been deleted accidentally – or deliberately.

And that’s another problem. If a computer forensics expert concludes that you had a document that might be relevant to the case but that you deleted it, you could face a claim for spoliation – willful destruction of evidence. In general, juries are free to assume that data or documents you destroyed were damaging to your case.

Software programs commonly known as “wipers” or “digital shredders” can help erase virtually all traces of an electronic document, but ideally companies should use them only as part of a formal document retention policy. And you should have a document retention policy. As computer storage has become cheap, it’s tempting to back everything up on PCs, CDs and DVDs. Don’t. Define what needs to and should be kept, and systematically discard everything else.

Your efforts to curb risky communication will never be bulletproof. Still, your safest bet is to instill in your managers that they shouldn’t commit to writing something that they wouldn’t want a plaintiffs attorney to read.

For more information on computer forensics, see the Wikipedia entry at this site.