FRCP Rule 34 [amended 12/08] and e-Discovery Revisited

By Dorman Wood, CEW, CCE

On April 19, 2010, CBS investigative reporter Armen Keteyian reported the story of digital copiers and their hard drives as a possible source of data breaches. At that time, there were no publicly known cases of data breach. Subsequently, CBS learned that a copier they had purchased was previously owned by a large health company and that the machine's hard drive contained client medical information, as well as information on then current and former employees. The same copier was found to contain hundreds of pages of non-medical information, including driver's licenses and social security cards.

FRCP Rule 34 (amended 12/08) describes electronically stored information as "any designated documents or electronically stored information - including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations-stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form." 1 Given the information presented in Mr. Keteyian's story, it seemed timely to revisit Rule 34 and the impact that rapid technological advances can haveon e-discovery.

Taking Rule 34's definition of electronically stored information in its broadest form, discoverable data potentially resides on or within any electronic device that is capable of creating, receiving, sending, capturing or storing data. Such devices can include, but certainly are not limited to: iPads, smart phones, PDAs, fax machines, scanners, printers, zip drives, flash drives, CDs, servers (including data warehouses), main frames, legacy systems, lap top computers and desk top computers (don't forget business computers being used remotely from home), orphaned or dormant systems, or "electronic landfills.".

The majority of copy machines manufactured and sold since 2002 contain a hard drive which captures images of the documents fed through it. To the ordinary daily user, this doesn't mean much. However, to the creditor or attorney who is prosecuting or defending a creditors' rights action, it means a great deal ; data to bolster his or her case.

If you are wondering if your firm is using any of the newer copiers, a quick Google search turned up the following list (which should not be considered as all inclusive):

Konica Minolta
Ricoh
Xerox
Samsung
Dell
HP
Oki
Fujitsu

While most, if not all, present-day copiers have a feature which allows data to be scrubbed from the hard drive, it is
doubtful that it is frequently used, if at all.

Increasing regulatory compliance is forcing more and more companies to review and update their policies and procedures for the security of confidential corporate data. Government regulations include: HIPAA (Health Insurance Portability and Accountability Act), effective 4/14/01-intended to safeguard patient health records; FACTA (Fair and Accurate Credit Transactions Act of 2003), effective 6./1/05–primary purpose is to help consumers fight identity theft and consumer fraud; GLB (Gramm-Leach Bliley) - designed to compel financial institutions to respect the privacy of its customers and to protect customer's nonpublic information; SOX (Sarbanes Oxley), effective 7/30/02. Also known as the Public company Accounting Reform Act. Noncompliance of these regulations carries a variety of penalties, including fines and federal prison time.

Companies reviewing and updating their policies and procedures should make sure they contain comprehensive document and retention protocols with strong compliance mechanisms that meet the requirements of "disclosures and discovery" under FRCP Rule 26., which states in part…."a party, must, without awaiting a discovery request, provide to the other parties: (I) the name and, if known, the address and telephone number of each individual likely to have discoverable information-along with the subjects of that information-that the disclosing party may use to support its claims or defenses, unless the use would be solely for impeachment; (ii) a copy-or a description by category and location-of all documents, electronically stored information, and tangible things that the disclosing party may use to support its claims or defenses, unless the use would be solely for impeachment.." 2

The Sedona Guidelines: Best Practice Guidelines & Commentary for Managing Information & Records in the Electronic
Age suggest "an organization's information and records management policies and procedures should be realistic, practical and tailored to the circumstances of the organization," and "an organization's policies and procedures must mandate the suspension of ordinary destruction practices and procedures as necessary to comply with preservation obligations related to actual or reasonably anticipated litigation, government investigation or audit." 3 Personnel involved in such review and updating should include a representative cross-section of company departments, not just IT staff, as well as outside counsel.

One aspect of compliance with orders of discovery and production frequently overlooked by companies is the potential cost. Depending on the complexities of the claim or defense, companies must weigh the overall cost of pursuing or defending a claim. Such analysis should focus on the costs of reviewing and analyzing data that may be relevant. The analysis would in all likely hood include determining the accessibility of the data, stored format-hard copy, electronic media, etc., as well as the personnel required for the recovery process.

Suggested reading for companies reviewing and updating their policies and procedures of data management:

• Arkfeld on Electronic Discovery and Evidence (2nd Ed.), March, 2010
• Arkfeld on Electronic Discovery and Evidence (2nd Ed.) treatise and Best Practices Guide
• The Sedona Guidelines: Best Practice Guidelines & Commentary for Managing Information & Records in the Electronic Age
• The Sedona Conference Glossary: E-Discovery & Digital Information Management (2nd Ed.)
• The Sedona Principles: Best Practices Recommendations & Principles for Addressing Electronic Doucment Production

CREDIT MANAGERS GONE ROGUE:

Individuals working within the credit management profession have long considered themselves to be honest and ethical in performing their daily duties. However, like most any professions, people do occasionally "stray" from the "straight and narrow" path and commit offenses against their employers. The temptation to steal from or defraud an employer happens in organizations of all sizes. While the division of duties among credit department personnel is usually a deterent of this type of activity, loop holes can occur.

Take the case of the credit executive who was accepting kick-backs from a collection agency that was being used
exclusively to collect his employer's bad debts. This activity came to light by accident while the credit executive was on vacation. A new employee at the collection agency called the credit executive to ask where his check should be sent-to the company address or his home address. Since the credit exec was on vacation, the call was referred to the CFO's office. The credit executive was subsequently fired, but escaped prosecution through a deal to make full restitution.

In another case, a credit supervisor who was responsible for "all department functions" was caught embezzling by
depositing customer checks into her personal bank account through ATM deposits, then writing off the customer's account balance to the bad debt reserve. Her activities came to light when an astute employee of a customer's accounts payable department happened to notice the "strange" endorsement on the back of a check that had recently been sent to the creditor. The CFO of the credit supervisor's company was notified and an internal audit disclosed that over $50,000 in customer payments had been converted for her personal use. A plea bargain with the county DA's office involved probation and restitution in lieu of a trial.

In today's economic environment, companies may not always have adequate staffing to separate critical functions within their credit departments. However, technological tools are available to perform many functions; wire transfer payments, credit card payment systems, and lock box systems to name a few. If staffing is sufficient, internal processes and functions can be assigned to create checks and balances; I.e., an individual with credit approval authority cannot create new customer accounts in an accounts receivable system; an accounts payable person who has invoice payment approval cannot create new customer accounts in an accounts payable system; establishing authority at multi-levels for bad debt write-offs are a few examples. Credit executives are encouraged to review the current functions of staff members to close "loop holes" that may have been previously overlooked.

1 - www.law.cornell.edu/rules/frcp/Ruel34.htm
2 - Federal Rules of Civil Procedure, 2007, U.S. Government Printing Office
3 - www.TheSedonaConference.org/publications_html