What would be your guess about the kind of email and data retention policies Apple has in place? It's a company that carries a lot of secrets, so you might expect that they would have a lot of very comprehensive and strict rules in place. Well, guess what? They don't.
A new twist to the Apple vs. Psystar antitrust case shines a harsh light on Apple's policies - or really, lack of policies. A federal Judge recently tossed out Psystar's countersuit, which brought to surface notable facts about some of Apple's internal policies. In a recent article, "Psystar case reveals Apple's questionable policy on email retention," The Standard goes into detail about a recent legal filing in which Apple discloses their e-mail and data retention policies.
If you look to page seven of their filings (embedded below), you will notice that Apple's policy limited the courts ability to accurately discover data relevant to this case:
"At Apple, individual employees are tasked with maintenance of their own files including hard copy documents, emails, voicemails and other electronically recorded materials. Apple has not implemented any programs that result in the automatic deletion of emails."
See? No real policy. Now, I'm sure Apple employees are basically a trustworthy bunch, but I'd be willing to bet that properly retaining their email and data is not topmost on their list of things to worry about. In fact, I'd be willing to bet a new Mac that data retention is bottommost on their list. Even if it isn't, everyone probably does it differently, so there's no unification of methodology.
The newly amended Federal Rules of Civil Procedure make this lack of a cohesive internal policy a corporate liability, because sanctions can be imposed for improper reporting of Electronically Stored Information (ESI). While Apple has an army of lawyers on hand to help them with the legal side of being possibly non-compliant, I am surprised that a company as secretive as Apple isn't on the forefront of the new compliance rules. Actually, I wonder if Apple's lawyers even have a data retention policy of their own. The reason for my surprise is that the tools required for compliance would help them maintain their secrets at an internal and external level. Those tools are available today, and they can automate and unify data retention policies even for a widely geographically dispersed organization.
Evidently, Apple does have a policy for placing legal holds on ESI. It also surfaced as a result of this case, furthering their possible compliance nightmare.
"Apple identified a group of employees who could potentially have documents relevant to the issues reasonably evident in this action. Apple then provided those individuals with a document retention notice which included a request for the retention of any relevant documents, including but not limited to emails, voicemails and other electronically-recorded materials relating to the issues in this lawsuit."
I think it goes without saying that letting individuals within a corporation manage their own document retention is no more than hoping that the "data will be fine." A recent article from the Taneja Group pointed out how this policy is inherently unreliable.
There is also a great deal of discussion in the blogosphere that tries to blow this news off as a normal procedure for large public companies. The reality is that the rules have changed. A new, more regulative government is being put into place and people are fearful of corporate scandals. This is raising the awareness of why compliance is such a very important factor for public corporations. I think the courts would love to make a juicy non-compliant example of a case like this.
Monday, December 15, 2008
Subscribe to:
Post Comments (Atom)
0 Comments:
Post a Comment