As the concept of technology set to delete content automatically becomes more mainstream, there is significant potential for accusations of inappropriate destruction of evidence in the context of litigation, or criminal or regulatory investigations. Individuals and organisations who opt to use ‘ephemeral data’ and may do so for legitimate reasons need to ensure that legal holds are respected and that they have considered legal defensibility.
If we have all learned one thing since 25 May when GDPR came into operation, it is that data should not be held onto without good reason. This requires a change in mind set for most organisations and it brings into focus the emerging phenomenon of self-deleting tech. There are now many apps offering encrypted messaging with built in automatic deletion and we are likely to see an increase in email providers giving ‘self-destruct’ options, such as Google’s new Gmail Confidential. Aside from the new imperative to delete unnecessary data, there are plenty of good reasons why an individual might choose to use ephemeral messaging. The question is how defensible is it from the perspective of a court, regulator or enforcement authority.
There are some specific duties to hold records for defined periods, such as for tax purposes or in particular regulatory contexts, with which ephemeral messaging may interfere. The obligation to hold secure all potentially relevant documents once litigation is reasonably contemplated is well established under Irish law. Where litigation is reasonably contemplated or already underway, parties must hold all potentially relevant data and documents secure. The destruction or deletion of relevant material may expose the party involved, or their solicitor, to serious sanction. Items that no longer exist must be listed clearly, so that they are reasonably identifiable, on oath. Material over which privilege can be asserted also needs to be separately listed and identified on affidavit.
Solicitors owe a duty as officers of the Court to ensure full and frank discovery is made. This means that solicitors must ask the right questions of their clients at the outset of litigation, to ensure that they understand how they communicate and to identify what material exists or may exist, and what does and does not need to be retained. Where a party to litigation uses an ephemeral messaging tool, use of the tool may need to be suspended or kept under review as part of any legal hold. Similarly organisations may need to develop protocols around the use of ephemeral messaging tools for business purposes.
In the context of regulatory or criminal investigations the use of ephemeral messaging may give rise to significant issues. An organisation may not know that it is the subject of an investigation at any given time. Even where the fact of an investigation is known, the organisation may not have clarity regarding the scope of the matters under scrutiny and the scope of the investigation may change, bringing in material that might not previously have been considered to be within scope. The fact that relevant material has been deleted may increase the risk of sanction in respect of the offence in question, or give rise to sanction for contempt of court. The use of ephemeral messaging, which may be quite innocent, may nonetheless suggest that the person involved ‘had something to hide’ and the organisation might find that important communications that might tend to exonerate have been lost through auto-deletion.
Organisations should seek to understand how their personnel communicate with regard to their business, whether ephemeral messaging is in use and whether it may impact upon legal holds. Document retention policies may need to be revisited to provide for automatic deletion and legal hold notices should specifically refer to the need to suspend auto-deletion of potentially relevant data.