Category: Records Management

The Four Areas of Risk and Knowledge

4 box black swan

When thinking about risk, I break things into four quadrants. There are things we know and there are things we don’t know as individuals. I then slice slice that further again with the things we know and the things we don’t know as part of the larger organization or conscious state.

Our sweet spot is the the things we know that we know. (The green area on my chart.) Those are our operations. Those are the things we have in the realm of compliance. We may not be fully compliant and dealing with the risk. But it is known.

At the opposite corner are the things that we don’t know that we don’t know. This is the black swan territory. This is an area of danger for an organization. This is a knowledge void and a compliance void. These are risks that we don’t know about. We don’t know the magnitude of the risk and we don’t know it even exists. Our models miss this factor. Our organizations are not paying attention to these risks.

4 box black swan

The other two areas are also interesting.

The things we know that we don’t know is an area that we know we can improve. (The orange quadrant on my chart) This is the area of known ignorance or accepted unknowns. You can manage these risks, because we know them. They have been identified, although not quantified. They may be on the list of things to address. Or we may just be willing to run naked in this area and are not worried about the risk.

The last area of the things that we don’t know we know is an area of opportunity. (The purple quadrant on my chart) This is risk that they are managing, even if they don’t know that risk exists. Often this will be a risk associated with another risk, either through causation or correlation. If an organization realizes they have this knowledge, they maybe able to create a new opportunity for themselves by discovering it. You do need realize that the causation or correlation may sever at some point, pushing this risk down into the territory of the black swan.

There is also an element of danger in the opportunity area when it comes to records management. These may be the pieces of information getting unearthed during litigation that gets an organization in trouble.

It’s important to realize and accept that there are things we don’t know. The key to bettering the organization is to continually try to reduce the amount of stuff that we don’t know.

I want to credit Liam Fahey, a professor at Babson College and co founder of the Leadership Forum, for the origins of this matrix. He gave a presentation using this analysis to a group of law firm knowledge management leaders in October of 2008.

California Adopts e-Discovery Rules

California

Never mind the budget crisis or handing out IOUs, California has passed its own Electronic Discovery Act. California joins the 30 other states that have decided to include provisions in their rules aimed directly at the discovery of Electronically Stored Information.

The Act amends the California Code of Civil Procedure by expressly permitting discovery of electronically stored information. The goal is to improve discovery measures during litigation and to avoid undue involvement by the court in resolving e-discovery disputes. The Act defines Electronically Stored Information as “information that is stored in an electronic medium” and defines “electronic” as “relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.”

California’s new e-discovery rules closely parallel the federal version. The Act primarily applies the existing rules in the California Civil Discovery Act to ESI and establishes procedures to request and respond to e-discovery.

California’s Electronic Discovery Act is similar to the Federal Rules. The California act also has  Federal Rules safe harbor for the failure to produce Electronically Stored Information.  “Absent exceptional circumstances, the court shall not impose sanctions on a party or any attorney of a party for failure to provide electronically stored information that has been lost, damaged, altered, or overwritten as a result of the routine, good faith operation of an electronic information system.” Cal. Code of Civil Procedure 1985.8 (l)

California Governor Arnold Schwarzenegger signed the Act on June 29 and it goes into effect immediately.

References:

Code of Civil Procedure

Discretion and Compliance

Martin Lomasney
Martin Lomasney

Martin Lomasney created a famous saying on the importance of discretion:

“Never write if you can speak; never speak if you can nod; never nod if you can wink.”

At the time of Lomasney, it was not email but telegrams that were the principal method of electronic communication. But those telegrams just ended up on pieces of paper.

This was also the time before e-discovery. Now every email is subject to ending up in a lawyer’s hand during a law suit.

Think before you hit that send button. Maybe a phone conversation will be better. Or a nod.

Email Compliance 201

liveofficeLiveOffice presented a webinar on records management issues related to electronic correspondence and archiving. (I missed the Email Compliance 101 session.)

First up was  Christina Rovira, Legal Compliance Advisor at CoreCompliance & Legal Services, Inc. She pointed out that SEC and FINRA require investment advisers and broker-dealers to supervise the business activities of their representatives. There is a fiduciary duty to act in the best interest of the client.

FINRA Rule 3010 requires written supervisory procedures including an annual internal audit. This audit includes a review of correspondence (that means email too). Securities Exchange Act of 1934 Section 17a3 & 17a-4 sets standards for retention. FINRA Rule 07-59 (.pdf) addresses the supervision of electronic communications. Investment Advisers are covered under Rule 204-2 with a laundry list of requirements.

The rules are largely risk-based. So you need to focus on new hires and others under closer supervision. In reviewing the communications you want to develop a search lexicon to try to identify issues in the electronic communication. You also want to make sure you exclude privileged attorney-client documents/correspondence. It may be better to store those is a separate repository. They also emphasized that you need to search the text of the attachments as well as the email itself. Attachments generally have more problems.

What to look for?:

  • discussions of performance without disclosure
  • inclusion of testimonials
  • predictions and projections
  • references to past specific recommendations
  • unbalance discussions of risk/reward
  • disclosure of confidential client information
  • breaches of privacy policy

Archiving functionality is key. You need to be sure that you cannot modify or delete email in the archive.

Privacy is hot button right now. Regulation S-P promulgated under section 504 of the Gramm-Leach-Bliley Act implements notice requirements and restrictions on a financial institution’s ability to disclose nonpublic personal information about consumers. State laws are going further. There is California’s SB1 Financial Information Privacy Act and the Massachusetts has 201 CMR 17.00. That means you need to look for social security numbers, drivers’ license numbers, new account forms and client specific information.

They turned to conflicts of interest and insider trading issues. For example, you should focus on communications between the research desks and trader desks.

The panel also pointed out that you need to look as the communication tools to see whether you can capture the communication. If you can’t capture it, then they cannot use. You must affirmatively prohibit the use of the tool. For example, some social networking sites are a problem. A Blackberry is okay as long as you route it through the company’s email and capture the email in the archive.

R. Anthony Seyboth moved on to give the sales pitch for LiveOffice.

Document Retention Policies and Spoliation of Evidence

In a recent case, a court found the implementation of a document retention policy to amount to the spoliation of evidence and imposed the “nuclear” sanction of declaring the suit unenforceable.

In the case of Micron Tech. v. Rambus in the U.S. District Court for Delware, Judge Sue Robinson was addressing the effect of Rambus’ document retention policy on the availability of evidence for the case. Rambus had brought suit against Micron Technology Inc. to enforce a patent held by Rambus on dynamic random access memory.

According to the opinion, Rambus took several months to ramp up for its litigation strategy to enforce its patent portfolio. At the same time, Rambus designed and implemented a document retention policy and began destroying company documents until a time just prior to when it filed the suit.

The case does not invalidate document retention policies. It seems from the facts in the case that Rambus purposefully destroyed records as part of its litigation strategy.

Judge Robinson points out:

“42.  A duty to preserve evidence arises when there is a knowledge of potential claim. Winters v. Textron, Inc. 187 FRD 518( M.D. Pa. 1999). A potential claim is generally deemed cognizable in this regard when litigation is pending or imminent, or when there is a reasonable belief that litigation is foreseeable. . . . As soon as a potential claim is thus identified, a party is under a duty to preserve evidence which it knows, or reasonably should know, is relevant to the future litigation. Nat’l Ass’n of Radiation Survivors v. Turnage, 115 FRD 543, 556-57 (N.D. Cal 1987)”

If a company has a records retention policy it is appropriate for a court to determine if it was instituted in bad faith.

In this case, the Judge found that destroyed documents were discoverable and could have played a role in Micron’s defenses of patent misuse, violation of antitrust and unfair competition laws and inequitable conduct. This evidence would only exist in internal Rambus documents.

The court concluded that “the showing of bad faith is so clear and convincing” and the “very integrity of the litigation process has been impugned.”

To me the key in this case is that Rambus initiated the suit and implemented the document retention policy. You can compare this with Arthur Andersen v. US, 544 U.S. 696 where Arthur Andersen thought it would be subpoenaed but continued shredding documents right up until the time the subpoena was served.  Rambus, as the initiator of the suit knew well ahead of time that litigation was foreseeable.

It is important to consider putting a litigation hold in place before litigation has actually commenced.

Secured Creditor Filings

It recently popped into the news that the lender for the bankrupt law firm Heller Ehrman terminated its UCC filing: Banks May Lose $51 million in Heller Dispute.

On August 3, 2007, a UCC Financing Amendment was filed with the termination box checked. (See a copy of the UCC Amendment.) The lender filed a correction statement in an attempt to fix this problem. Given that the correction was filed in the 90 days prior to the bankruptcy filing, it would be treated as a “preference” under the bankruptcy code. That means instead of being a secured creditor, first in line for its share of the assets, the lender is unsecured and in with a large group seeking a proportionate share of what is left.

If you are a secured creditor (or at least you think you are) you need a program in place to periodically check the status of your filings. You also need an internal process to double-check filings before they are delivered.

Things You Should Never Put in an E-Mail

Molly McDonough of the ABA Journal puts together a list of things you should never put in an email, borrowing from Roger Matus10 Things Never To Put In Email:

  1. “I could get into trouble for telling you this, but…”
  2. “Delete this email immediately.”
  3. “I really shouldn’t put this in writing.”
  4. “Don’t tell So-and-So.” Or, “Don’t send this to So-and-So.”
  5. “She/He/They will never find out.”
  6. “We’re going to do this differently than normal.”
  7. “I don’t think I am supposed to know this, but…”
  8. “I don’t want to discuss this in e-mail. Please give me a call.”
  9. “Don’t ask. You don’t want to know.”
  10. “Is this actually legal?”

If you find yourself typing one of these phrases, perhaps you should delete the entire email. These are catchphrases often used by e-discovery professional to find smoking gun emails.

Computer Illiteracy Is No Defense For Spoilation

You can’t put your hands in the area and say you do not know anything about computers. The Oklahoma Supreme Court recently issued an opinion that a litigant was subject to sanctions: Barnett v. Simmons, 2008 OK 100, 11/10/2008).

The court looked to the standard for sanction in Oklahoma and found no requirement of willfullness. Nor did the federal rule 37(b)(2) require willfullness. The rules merely provide for sanctions if a party has “failed to obey” an order of the court. Willfullness just goes to the severity of sanctions.

For records keeping, you need comply with standards regardless of your individual capability.

Public Hearing on Massachusetts Data Privacy Regulations

The Massachusetts Office of Consumer Affairs and Business has published a Notice of Public Hearing on 201 CMR 17.00, Standards for the Protection of Personal Information of Residents of the Commonwealth. (.pdf)

The hearing is on Friday, January 16, 2009 at 2:00 pm in Room No. 5-6, Second Floor of the Transportation Building, 10 Park Plaza, Boston.

Standards and Best Practices for Records and Information Management

ARMA International maintains a collection of best practice procedures: