Over the years I’ve been asked to provide practical advice to companies and executives about what to do and not do prior to or during a regulatory or criminal investigation. I’ve seen quite a few mistakes made during investigations by law enforcement, so I came up with my own list of Ten Commandments: things an executive or company should NOT do “When the “Feds Come Knockin’”. I’ve covered the first two in earlier commentary. Now let’s look at Commandment #3.
Don’t Delete: Collect the Data
Regulatory and Criminal Investigators at the federal, state and local level are looking for both direct evidence and circumstantial evidence that regulations, crimes or both have been violated. Direct evidence points directly to a finding that a regulation or crime has been committed. Circumstantial evidence is a chain or set of facts that circumstantially leads to a conclusion that a regulation or crime has been committed. On the other hand, a person or company accused of civil misconduct, regulatory or criminal violations may have direct or circumstantial evidence that entirely exonerates a person or company. When a company or executive first learns of an investigation or inquiry, one of the first steps that should be taken is collecting and securing any and all electronic data and documents that might exist regarding the particular matter under scrutiny. Oftentimes, this might result in the collection of hundreds of thousands and even millions of pages of information. For example, in one recent case we received a “document dump” that consisted of over one million pages. Although it was a painstaking process, the review of those documents and ultimate identification of key documents turned the case around in our client’s favor.
After collection of the data, be sure to secure the data.
And avoid, at all costs, accidentally or intentionally “losing” that data. During the last decade, emails, text messages and social media postings have proven to be the sources of the “smoking gun” in civil, regulatory, and criminal cases. The communications might include attachments that are incriminating or reveal an intention or belief that is harmful. Sometimes, targets, subjects or witnesses in an investigation may not want the world to know about something that has been said or sent by email, text or in a social posting. Some believe they can get away with having said or done something by deleting an email or text message. The reality is the information may already have been copied or “captured” by the viewing or receiving party. And with modern technology, forensic analysts can often recover deleted information. From there, the law enforcement investigator can use not only the actual “incriminating statement or posting” but also show that the person attempted to destroy the negative or harmful evidence. In civil cases, the destruction of evidence or “spoliation” has become a huge issue. Once a case or investigation has begun, Judges have latitude in determining what legal action to take when a person involved in a lawsuit has deleted data that is relevant to the case. The Court can sanction or fine a person or company and even dismiss or enter a judgment against a party in a civil or criminal case for having destroyed or having failed to protect evidence that should have been collected and saved. At the very least, a judge can give a jury instruction that when evidence tends to show that a person was in the exclusive possession of certain information and said person misplaced, destroyed or “corrupted” the information, the jury may infer that the (destroyed) evidence would be damaging to that person. In other words, the jury can infer the person had some improper reason to get rid of damaging evidence. In high profile and cases of great financial significance, the act of an executive or a company deleting emails, text messages or voice mails can be devastating.