Including the sentence above in a litigation hold letter would feel a little preposterous – and maybe a bit like a 1960’s vision of the 21st Century. At the present, of course, the necessity of preserving information contained in even the most advanced kitchen appliance would seem nonexistent. As more everyday items are imbued with wireless communication and data storage capabilities, however, we will confront new challenges in preserving data for litigation and in establishing document retention policies.
“The Internet of Things“ (http://www.wired.com/2013/05/internet-of-things-2/) (“IoT”) is a term used to describe the concept of advanced connectivity between all sorts of devices – and even living things – resulting in a constant stream of data. No direct human-to-human or human-to-computer action is required for the data transfer. There are many, many potential applications for this technology, and business analysts have predicted huge growth in this industry by 2020. (http://www.businessinsider.com/growth-in-the-internet-of-things-2013-10#!K5zyJ) This year’s Consumer Electronics Show featured several new IoT gadgets, including a “smart” tennis racket. (http://www.latimes.com/business/la-fi-ces-internet-things-20140105-story.html#page=1)
For companies involved in litigation and their lawyers, however, more data sounds less than appealing. Companies continue to struggle with adequate preservation of relatively straightforward data, such as emails or electronic files. Practices such as technology-assisted document review are gaining traction with litigants and with courts and are helping to minimize the massive costs and efforts spent on ESI review, but they are not yet widely adopted. (http://www.americanbar.org/content/dam/aba/administrative/litigation/materials/2014_sac/2014_sac/technology_assisted_review_the_judicial_pioneers.authcheckdam.pdf)
For the average company, data preservation under IoT may not be all that complicated or expensive, although it is still a consideration when adopting new technology that will create significant amounts of new data. For companies in industries that routinely handle private information, including health care, insurance, and financial services, great care must be taken in understanding how exactly that data can be secured in an ever-widening Internet. How, exactly, will the pacemaker manufacturer protect and/or preserve the patient data that is streaming from the device 24/7?
Every company should consider the following non-exhaustive list when adopting a new technology that may significantly change the amount or type of data created or maintained by the company:
- What is the impact on the company’s document retention policy? How must that policy be changed to address this new data?
- Are there any new data custodians, such as vendors, that need to adopt or be aware of any retention policies or other practices?
- Will the new data be subject to any existing litigation holds?
- How will the “standard” litigation hold letter need to be modified to address this new data in future litigation?
- What are the data security practices for this new data?
- If the company is subject to any particular privacy laws, such as HIPAA or Gramm-Leach-Bliley, how should company policies address this new data?
As should be clear from this brief list, these are litigation-centered strategies. Issues such as customer privacy must also be considered, of course. This list is intended to be a general starting point; it illustrates several areas where attorneys or company executives must be alert for potential issues with new data. New technology brings great advancements in the way we all do business, but it also brings complications in litigation if its impact is not considered in advance.