Eweek just featured an article on compliance with new e-discovery requirements in the Federal Rules of Civil Procedure. I use the term "new" very loosely, as these rules have been in effect for over a year. The take-home message of the article, though, was that a majority of businesses are either unaware of, or are ignoring the rules. For those of you in the former category,
The new regulations, ordered by the U.S. Supreme Court in April 2006, mandate that businesses must be able to quickly produce such data—including e-mail, digital word documents, images and digital audio and video—when required by litigation in a federal court.
While the Eweek article is focused on American business, the rules apply to educational institutions as well. The rules are quite sweeping and have even been interpreted by some as applying to anything that sits, however briefly, in a server's or computer's RAM on your network. This would include instant messages in addition to the data noted above. While this appears to be an extreme interpretation, there remains some wiggle room in terms of what we actually need to archive. Unfortunately, this wiggle room exists because no legal precedents have been set testing these rules as applied to educational institutions.
Wiggle room aside, the article quotes IT researcher, Michael Osterman:
Many recent court cases have shown that companies are expected to show a clear retention policy, Osterman said.
"I don't think it's difficult to understand the [FRCP] rules," Osterman told eWEEK. "Or that business owners don't know about them. I just think that it sometimes takes 'headline shock' to make people move on some things—especially when we're talking about 'potential' liabilities.
"In other words, if it hasn't happened to them yet, it hasn't happened."
So what does your policy look like? Are you just archiving emails? Taking regular snapshots of your file servers? Retaining instant messages or just plain blocking casual e-communications? Talk back below and take the poll.