"You’ve Got (No) Mail"

Is Your Company Exposed To Spoliation And Non-Compliance Claims?

As if collecting and storing archived data for eDiscovery or FOIA requests was not challenging enough, our techs are now advising us that most email data migrations are inherently flawed, potentially resulting in corrupted email files. Further, companies are unlikely to realize this until it is too late, namely when they are accused of spoliation during a litigation or unable to properly produce records sought by a governmental authority.

The culprit here is something known as a “stub” or “shortcut”; a mechanism created by email archiving vendors intended to shrink the size of an organization’s mail server. During the archiving process, the majority of an email message (the body of the message), as well as any attachments, is removed from the mail server. The portion of the message that remains in the user’s mailbox – the stub - contains pertinent information such as the sender, recipient and address as well as a “pointer” to the full message (and its attachments) on the archive server. When the user clicks on the stub, the full message is retrieved from the archive and displayed in the user’s mailbox – just like a regular message.

The problem arises during the migration process where the majority of migration vendors (including the mail platform vendors) recommend deleting the stubs; after all, the message is safely stored in the archive – isn’t it? In cases where clients refuse to delete their stubs (primarily out of concern for end users who expect continued access to their mail, including archived mail), the vendors put the archived message back into the user’s mailbox and delete the stub. Users are happy and the problem is solved.

Not so quick! This approach actually results in a new document being created that has a different time stamp. Worse, the user may have modified the stub – put a category on it, put a follow up flag on it, changed the subject, changed its importance, put it into a different folder. When the stub is deleted, its metadata - all of its attributes that have been created since the message was archived - is deleted with it. Another sobering fact is that the electronic trail of this manipulation is easily identifiable on the chain of custody.

If you are not sensing the urgency here, consider an every-day scenario when your IT Officer is asked to certify the integrity of a document during a litigation or in reply to a document demand and, under oath, certifies it to be original and complete. Later, it is revealed that the document was “re-created”, metadata has been lost and you had the ability to change the document through your migration process. Your company is now exposed to claims of spoliation of evidence. This can result in a court finding an “adverse inference” whereby the plaintiff is free to infer an incriminating fact, simply by virtue of the absence of the document.

You can imagine a blistering cross examination of your client when an adversary learns that your IT department recreated the document and could actually have altered it and its attachments at a later time. Perhaps more importantly, the alteration or destruction of the document can trigger any one of a host of state or federal laws requiring the preservation of electronic records.[1] 

While many states and countries have their own regulatory schemes and penalties for such violations, consider the U.S. Sarbanes Oxley Act (SOX) which has specific email retention policy guidelines. [2] In relevant part, if your company “knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record…” with intent to impede any investigation or administration of a matter, the company may be fined or even be subject to criminal imprisonment for up to 20 years. Companies that are involved in securities are also subject to Financial Industry Regulatory Authority (“FINRA”) regulations which also have fines and penalties for alteration of documents.[3]  

Avoiding this exposure requires asking the right questions of your IT and migration services vendors:

• Do you migrate stubs or do you migrate all of the email and attachments?
• Do you maintain data within the original environment requiring us to maintain two repositories of information?
• When rehydrating a stub, do you maintain the changes made after it was archived?
• When rehydrating stubs, do you “delete and create”, creating a new message?

Bottom line: the ONLY compliant and legally acceptable approach to stubs and shortcuts is to migrate and rehydrate them, ensuring that none of the metadata is lost and the original create date is preserved.

James M. McCarthy, Esq., General Counsel

[1] [see compilation of State and federal laws]

[2] [ See SOX, Section 802]

[3] [See FINRA- Rule 2010 and NASD Conduct Rule 3010