Encrypted Email Increases eDiscovery Risk

Many companies I speak with mention the fact that they have some small percentage of their email traffic in an encrypted format. This can be either because of company or regulatory requirement or even more, because employees don’t want the content read by the company.

Encrypted email can represent a major risk in a corporate civil litigation if the company doesn’t have the encryption key.

The new Federal Rules of Civil Procedure admendments specify that ALL potentially responsive documents including email be secured and turned over as part of the plaintiff’s discovery request. If encrypted email exists that for whatever reason can’t be decrypted,  to the Court its as if you had deleted that email.

If the Court deems the email messages destroyed because your company did not have the encryption key, then you run the risk of having the Court issue an adverse inference. This is an instruction to the jury that they can assume you could not or would not provide the decrypted email because you did not want them to see it.

This is never a good situation. To lower this risk, be sure to include this possibility in your email use policy. The safest policy is to forbid email encryption unless the company has specifically approved it and then only with approved encryption technology.

Tags: adverse inference, decrypted, eDiscovery, Email, Encrypted, FRCP, key, litigation, Risk

Written on Friday, November 7th, 2008 and filed under Bill Tolson, eDiscovery.
You can follow any responses to this entry through the RSS 2.0 feed.
You may leave a response, or trackback from your own site.