Organizations have begun to realize the value of implementing defensible disposition programs to eliminate data that has low value. When properly handled, disposition programs can reduce the costs and risks associated with retaining data stockpiles. However, disposition initiatives that lack safeguards to ensure relevant information is preserved for litigation could leave an organization vulnerable to disaster. The recent terminating sanctions order from Estate of Moreno v. Correctional Healthcare Companies spotlights this point, along with key steps companies should consider to ensure disposition initiatives are truly defensible.
What is Defensible Disposition?
Defensible disposition focuses on eliminating information that has low business value and that need not be retained for legal, regulatory, or other business purposes. The Sedona Conference characterized defensible disposition as follows:
Organizations may avoid retaining information that is not subject to retention or preservation obligations. Regular disposition of obsolete information is simply an information management best practice, related to good housekeeping and Information Governance . . . (emphasis added).
Because companies “should, in the ordinary course of business, properly dispose of information that they do not need,” disposition is generally considered an indispensable aspect of an effective information governance program.
And yet, disposition cannot be carried out in a vacuum. Organizations need to be aware of data retention obligations that may conflict with a disposition initiative. These obligations may flow from any number of sources including government regulations, internal governance objectives regarding organizational data, and common law preservation duties in litigation.
The last item—preserving relevant information once a duty to preserve has attached in connection with pending or anticipated litigation—is particularly challenging. Preservation obligations may arise urgently and could require documents to be kept that a disposition program might otherwise eliminate. Unless the organization deploys safeguards like custodian interviews, checklists, and audit trails, it could inadvertently or intentionally delete relevant information. Moreno is particularly instructive on this issue.
Moreno v. Correctional Healthcare Companies
In Moreno, plaintiffs sued providers of inmate health care services for failing to deliver adequate care for their teenage son who died in defendants’ custody. The key evidence included internal emails that defendants’ staff exchanged regarding the victim during the eight days he was incarcerated and under defendants’ care.
Defendants, however, could not produce most of the requested emails because they failed to preserve them. After plaintiffs served written discovery, defendants implemented a sweeping disposition program that (with limited exceptions) eliminated deleted emails older than six months and all other emails after one year. The program included a provision ostensibly requiring employee email accounts to be placed on litigation hold where required by a common law preservation duty. Nevertheless, the program did not include safeguards to ensure a hold was actually placed on custodian mailboxes. For example, the program did not require:
Instead, defendants’ in-house counsel generated a form letter to outside counsel (“Hello Colleague”) asking for the identities of custodians whose documents should not be deleted. In-house counsel’s letter did not divulge any details about the recent enactment of or the sweeping nature of the disposition program. In-house counsel eventually placed only one custodian from Moreno on legal hold; a single nurse who had been named as a defendant.
Upon the disclosure of this information, plaintiffs moved for terminating sanctions under Federal Rule of Civil Procedure (FRCP) 37(e)(2). While defendants did not dispute that sanctions were justified given the circumstances, they argued that terminating sanctions were inappropriate. In support of their position, defendants pointed to the form letter sent to outside counsel, along with the national nature of their disposition program. Because the disposition program applied to all employees—not just those who staffing the jail in Moreno, defendants argued that there was no intent to deprive plaintiffs of the deleted emails.
The court, however, rejected both arguments and entered default judgment under FRCP 37(e)(2) against the two organizational defendants. The court held that a mere form letter—devoid of any details regarding defendants’ disposition program and their clear intention to “avoid ‘discovery risks’”—was insufficient to negate a finding of “intentional loss or destruction” of the emails at issue. Moreover, the court found the national nature of the disposition program likewise failed to counteract evidence suggesting an “intent to deprive.” As the court observed, defendants’ in-house counsel—simultaneously tasked with responding to plaintiffs’ discovery and executing defendants’ email disposition goals—should have, but did not take steps to preserve relevant emails beyond placing a single custodian on legal hold. Under these circumstances, the court inferred that defendants’ email destruction was designed to “avoid their litigation obligations.”
Safeguards to Ensure Disposition Programs are Defensible
Moreno teaches the importance of deploying safeguards to ensure an information disposition program is truly defensible. An organization could deploy one or a combination of safeguards to better ensure the defensibility of its disposition program.
For example, checklists that identify potential ESI sources and that memorialize key custodians in anticipated or pending litigation can help triage information that should be separated from other materials subject to scheduled disposition. Custodian interviews can also help identify relevant information that could otherwise be overlooked and thus subject to disposition.
Generating a form that memorializes legal hold steps is another useful safeguard. By following the steps reflected in the form during a particular lawsuit, an organization can create an audit trail documenting the precise measures the organization has taken to preserve relevant information. This, in turn, can better demonstrate the organization’s defensible removal of relevant information from a scheduled disposition.
Finally, organizations may consider other quality control measures such as requiring that multiple stakeholders confirm they have taken proper preservation steps in a particular lawsuit. Indeed, Moreno demonstrates the folly of placing all decision-making in the hands of a single stakeholder. Having multiple checkpoints among internal staff, along with the involvement of outside counsel, may help an enterprise avoid the disposition disaster that resulted in terminating sanctions in Moreno.
Estate of Moreno v. Correctional Healthcare Companies, No: 4:18-cv-5171, 2020 WL 5740265 (E.D. Wash. June 1, 2020).
 The Sedona Conference, Commentary on Defensible Disposition, 20 Sedona Conf. J. 179, 187 (2019). Driven’s Tara Emory directed the preparation and was a principal author of content for this Commentary.