Tuesday, December 16, 2008

Why "I'm Sure the Data Will Be Fine" is Not an Actual Data Retention Policy

What would be your guess about the kind of email and data retention policies Apple has in place? It's a company that carries a lot of secrets, so you might expect that they would have a lot of very comprehensive and strict rules in place. Well, guess what? They don't.

A new twist to the Apple vs. Psystar antitrust case shines a harsh light on Apple's policies - or really, lack of policies. A federal Judge recently tossed out Psystar's countersuit, which brought to surface notable facts about some of Apple's internal policies. In a recent article, "Psystar case reveals Apple's questionable policy on email retention," The Standard goes into detail about a recent legal filing in which Apple discloses their e-mail and data retention policies.

If you look to page seven of their filings (embedded below), you will notice that Apple's policy limited the courts ability to accurately discover data relevant to this case:

"At Apple, individual employees are tasked with maintenance of their own files including hard copy documents, emails, voicemails and other electronically recorded materials. Apple has not implemented any programs that result in the automatic deletion of emails."

See? No real policy. Now, I'm sure Apple employees are basically a trustworthy bunch, but I'd be willing to bet that properly retaining their email and data is not topmost on their list of things to worry about. In fact, I'd be willing to bet a new Mac that data retention is bottommost on their list. Even if it isn't, everyone probably does it differently, so there's no unification of methodology.

The newly amended Federal Rules of Civil Procedure make this lack of a cohesive internal policy a corporate liability, because sanctions can be imposed for improper reporting of Electronically Stored Information (ESI). While Apple has an army of lawyers on hand to help them with the legal side of being possibly non-compliant, I am surprised that a company as secretive as Apple isn't on the forefront of the new compliance rules. Actually, I wonder if Apple's lawyers even have a data retention policy of their own. The reason for my surprise is that the tools required for compliance would help them maintain their secrets at an internal and external level. Those tools are available today, and they can automate and unify data retention policies even for a widely geographically dispersed organization.

Evidently, Apple does have a policy for placing legal holds on ESI. It also surfaced as a result of this case, furthering their possible compliance nightmare.

"Apple identified a group of employees who could potentially have documents relevant to the issues reasonably evident in this action. Apple then provided those individuals with a document retention notice which included a request for the retention of any relevant documents, including but not limited to emails, voicemails and other electronically-recorded materials relating to the issues in this lawsuit."

0 comments:

Blog Archive

Categories