Short message and ephemeral data aren’t going anywhere and in 2022, the number of active users on Microsoft Teams alone grew 743 percent compared to 2020. The rapid growth of platforms from Teams to Slack and Google Chat have been well documented both inside and outside of e-discovery, with these platforms surging to prominence at the beginning of the COVID pandemic when organizations needed remote collaboration tools.
Now, nearly four years later, we are still catching up on how this data should be preserved, collected, and stored—and as litigation tends to go, the data requested today was often created 3+ years ago. It was only a matter of time before the requests would start to trickle in and the higher regulatory bodies would need to chime in.
Responding, perhaps just in time, to this evolving landscape of collaboration platform usage, the Federal Trade Commission (FTC) and the Department of Justice (DOJ) recently announced updates to their standard preservation letters and specifications. These letter updates apply across a variety of use cases—including the dreaded second requests and even grand jury subpoenas—aiming to address the hurdles associated with properly identifying and preserving data from tools like Slack, Teams, Google Chat, and Signal. Manish Kumar, deputy assistant attorney general of the Justice Department’s antitrust division, put it plainly in the announcement:
“The Antitrust Division and the Federal Trade Commission expect that opposing counsel will preserve and produce any and all responsive documents, including data from ephemeral messaging applications designed to hide evidence. Failure to produce such documents may result in obstruction of justice charges.”
How Did We Get Here?
Now more than ever, you need to know what you are getting into when you use messaging platforms with ephemeral functionality. While quick delete and disappear policies can be an attractive way to effectively cut down on operating costs, you also need to consider a broader preservation strategy in case the duty arises. Using ephemeral messaging and quick delete policies to avoid the duty to preserve is not an option—you must have a defensible disposition approach.
There are multiple contexts in which ephemeral messaging serves a business need, including reducing breach risk, increasing security, and, of course, decreasing costs. The key consideration is that organizations need to update their data retention policies with an eye toward addressing the applicable scenarios with the FTC and DOJ guidelines in mind. These guidelines should not come as a surprise; in 2021, the Sedona Conference covered this topic, noting the steps organizations should take to handle the usage of ephemeral messaging and concluding that “reasonableness and proportionality should govern discovery obligations.”
But what happens if you don’t have your ducks in a row, and what should you do to avoid negative consequences? Even though government requests have covered this type of data previously, some organizations haven’t put their best foot forward to comply.
Essentially, if you don’t effectively preserve your short message and collaboration data, you’ll be subject to potential spoliation sanctions—which could include monetary penalties, adverse inferences, or even obstruction of justice charges—and possibly face public rebuke, which can hurt your brand in the court of public perception. Recent case law has continued to add credence to the idea that you must have a reasonable preservation strategy in place and not act with intentional disregard for such preservation requirements.
In Drips v. TeleDrip, the court found that a party’s failure to preserve Slack data was intentional when they changed the data retention policy to a shorter duration time after they became aware of litigation. Due to this, the court mandated an adverse inference instruction be given to the jury—which can be the downfall of a case. Don’t ignore collaboration platforms and ephemeral messages when evaluating your preservation obligations!
What Should Legal Teams Do to Preserve Short Message Data?
The biggest question is: in practice, what does this all mean? We’ve pulled together five things to consider as you build your approach to defensible disposition:
- Know what applications your company uses and who manages it. Ask to be made aware of any IT productivity application decisions being made—like adopting a new chat platform. By mapping out your potential preservation sources and who owns those platforms, you will better understand where to look and what might need to be preserved. Being proactive goes a long way.
- Be aware of how the platforms work and store data. For instance, be aware that individual Teams messages live within user exchange mailboxes and the attachments live in their OneDrive, while the Teams channel data lives within its own group mailbox and the attachments within the SharePoint site. Knowing how platforms run and store data will get you ahead of any potential confusion downstream.
- Get involved in data retention policies. Aim to balance the costs and benefits of adopting a new collaboration platform and the work that goes into actively managing it. By understanding the data retention policies of the platforms, you can effectively advise custodians and departments on best practices for use. You’ll also be a step ahead of the game when your preservation obligations get started.
- Document a process for identifying and preserving information—and communicate that process. When the time comes to preserve, know who needs to be involved, what questions to ask, and what “switches” need to be flipped to effectively preserve data. This is often a cross-functional project, necessitating the need for a purpose-built preservation solution like Relativity Legal Hold. Once it’s documented, communicate it! The more your team knows about what should happen and when, the better.
- Know how you’re going to collect the data. Whether using manual exports from those platforms or defensible collection software like Collect in RelativityOne, you’ll sleep better at night if you know you have the tech you need to do this right.
The gist of it, though? Nothing much has changed. The announcement reinforces what we already know: you are obligated to preserve relevant data throughout a government investigation and litigation. What the guidance did do is explicitly extend the existing obligations to include the challenging task of preserving data subject to quick-delete data retention policies (e.g., Slack messages automatically deleting after six months) or even instant deletion (e.g., ephemeral messaging like Signal). The preservation obligation doesn’t stop just because something is difficult to preserve.
Learn more about defensible disposition strategies and best practices in our upcoming webinar, “Defensible Disposition in the Age of Modern Data,” on February 21, 2024, at 12:00 p.m. CT. Register here.
Maks Babuder is a product leader at Relativity, where he helps guide the development of products that help legal teams mitigate risk, reduce costs, and manage growing tidal waves of data.
