19 November 2001
20 June 2013
4 October 2013
27 November 2013
22 July 2013
19 November 2013
The email is a mixed blessing for the lawyer involved in litigation and regulatory investigations. The volume and informality of it is appealing to anyone attempting to find the 'smoking gun', but a regulated business may wish it had never been invented when a regulator can use enforcement powers to search quantities of emails covering a period of years. Unfortunately, most corporations' email practices and retention policies are not prepared for the burdens of disclosure in either a litigation or a regulatory context.
In litigation, the starting point is that an email is a 'document' for the purposes of disclosure. Under rules of standard disclosure, it will be disclosable if it is to be relied upon, supports or adversely affects any party's case. The party giving disclosure will have an obligation to conduct a 'reasonable search'.
The underlying problem stems from methods of storage. Readily accessible emails are stored, for example, in the employee's Inbox in Microsoft Outlook, including sub-folders and items in the Sent Items and Deleted Items folders, and in email archives on the company server. Even if they have been deleted, emails may still exist on hard drives or backup tapes. Most companies retain a weekly or monthly 'snapshot' of the server, stored on tapes. To search the tapes involves restoring the server and running new searches, which must be repeated for each tape. While this captures emails believed to have been removed many months before, the task could take weeks or even months to complete, at considerable cost.
This burden is felt most keenly in a regulatory context. Most regulators, including the Office of Fair Trading and the Financial Services Authority (FSA), will have powers of varying scope to demand email delivery. This can be costly for the target company. Few targets will wish to hand over documents without conducting their own review first. Simply handing them over is anathema to most organisations. The client would be in the dark as to its own position and would run the risk of irrelevant, but sensitive or privileged, communications being revealed. It may be possible to agree and limit the scope of the regulator's request, for example by agreeing to limit the search to certain individuals and searching them by agreed terms and excluding backup tapes from the search, in the first instance at least. However, given the volume of emails produced on a daily basis, even this narrowing down of a search request can lead to the production of literally thousands of emails.
This type of informal agreement will be little comfort to those who find themselves subject to a search by warrant powers. These may entitle the regulator, for example, to seek tapes and download or take away copies of all electronic documents they consider to be relevant, including those stored on individuals' laptops and palmtops, and they may require company employees to provide their passwords for this purpose. The search tools currently available allow investigators to retrieve from the hard drive all the emails of a specified individual in a specified period which refer to a key word or another individual. More sophisticated tools also exist, including password identification and code-breaking software.
The risk of loss of privilege is now no protection in the context of criminal investigations. The Criminal Justice and Police Act 2001 entitles investigators to seize all information and in practice to leave arguments about privilege to a later date. A company asserting privilege in the context of a search may find its backup tapes being 'blue-bagged' and reviewed offsite. The mechanism may not be perfect here. Once inspected by an officer, a document will probably be disclosable as unused material in criminal proceedings. This spells a cautionary note for those civil lawyers dealing with the FSA in the new Financial Services and Markets Act regime bestowing powers of criminal prosecution on the FSA, or to competition lawyers in the proposed criminal regime for anticompetitive behaviour.
In this climate, the protections are thin. Excessive demands for information stored on emails can be challenged as being disproportionate. However, although such arguments are relatively common in the US, they remain untested here. In the meantime, companies should review their email guidelines and retention policies, and in particular they should avoid retaining backup tapes for any longer than necessary.