The myriad of data coming in and out of an organization is exponentially growing year after year. Not only is there email data and the slew of attachments that come with it, but also plenty of other files employees have on their countless personal and professional devices, including laptops, smartphones, flash drives, shared platforms…the list goes on. It can, and often is, overwhelming just thinking about the complex infrastructure that comprises an entire interconnected data map that could house potentially relevant ESI.

So, how do you decide what to keep, what to archive, and what to destroy? This is the essence of a defensible deletion strategy.

Let’s start with a quick overview of what a defensible deletion strategy is, then move into what the FRCP says about maintaining and deleting ESI, and lastly a couple of considerations for developing your company’s defensible deletion strategy.

What is a defensible deletion strategy?

defensible deletion strategy is “a comprehensive approach that companies implement to reduce the storage costs and legal risks associated with the retention of electronically stored information.” In other words, your defensible deletion strategy should aim to avoid court sanctions, while at the same time eliminating ESI that has no business value. Makes sense.

So, what is the Federal Rules’ position on this topic?

Federal Rule 37(e) is the safe harbor statute for defensibly destroying or deleting ESI. Rule 37(e) reads as follows:

(e) Failure to Provide Electronically Stored Information. Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.

Courts have made it clear that the deletion of material, which is not presently under a legal hold and which is not required for a statutory or business purpose can, and should, be deleted. There should be no fear of sanctions for defensibly deleting data.

For example, in the case of In re Pradaxa (Dabigatran Etexilate) Products Liability Litigation, the company destroyed its former vice president’s documents pursuant to their document retention policy. When the plaintiff, argued spoliation due to the deleted documents, the Court concluded that the company was under no duty to preserve these documents at the time and had only acted according to its defensible policies.

Considerations for Implementing a Defensible Data Deletion Strategy

While this all seems to make sense and sound completely logical, it’s easier said than done. Establishing a repeatable procedure, completing a full data mapping audit of your organization, having and implementing a streamlined and efficient legal hold policy, and then actually pulling the trigger to delete documents in accordance with your defensible deletion strategy are all critical steps in getting this right.

Courts have made it clear that the deletion of material, which is not presently under a legal hold and which is not required for a statutory or business purpose can, and should, be deleted. There should be no fear of sanctions for defensibly deleting data.

Consider the following components for your strategy:

1. Your overall information governance policy, including a defensible deletion strategy, complements and reinforces your company’s unique business approach. One size doesn’t necessarily fit all in this department. Your process should be an ongoing assessment that is tailor-made to your business, comprehensive, and effective.

2. Your retention policies have a direct correlation to your company’s openness for risk, operational costs, and costs of litigation. Holding onto valueless and unnecessary data is likely to open you up to having to restore that data and search it for little to no reason, except for the fact that you are still storing it. Maintaining and supporting storage of unnecessary data is an operational cost that can be alleviated with a sound defensible deletion strategy; and, likewise, the cost of eDiscovery can be controlled when you are following a defensible deletion strategy by narrowing how much data is targeted for collection and ultimately processed and hosted.

3. Start small. Rome wasn’t built in a day. You must have a strong understanding of what information your organization has and where it’s stored, then you can develop your overall IG policy and slowly define what your reasonable deletion strategy will be.

Talk to your colleagues and other professionals to see how they tackled information governance and defensible deletion. Professional organizations such as ARMA continually share a wealth of information on establishing best IG practices. Lastly, consider leveraging technology and analytics to identify documents you’re looking to purge to reduce liability or retain due to current litigation holds.