Your Data Is Gone, But It’s Not Forgotten

Deleted e-mail and computer files have a nasty habit of coming back at the most awkward times — like in the middle of a lawsuit. What can you do about it?


When you feed a piece of paper into a shredder, the resulting pile of strips is good for little more than packing material. The chance that anyone will be able to reassemble the original page is just about nil. Not so with electronic documents, which, like B-movie zombies, have a nasty habit of coming back from the dead long after you thought you’d gotten rid of them. Just ask Oliver North, Monica Lewinsky, Bill Gates (MSFT), Enron (ENE) and Arthur Andersen executives, or anyone else whose deleted e-mails and files were dug up to become part of the public record.

The reason electronic files are so permanent has to do with the way they’re stored on your computer. When you delete a file, you aren’t actually erasing the file itself. Instead, you’re just removing a pointer that the computer uses to find the file’s data on your hard drive. The data itself still exists — at least until it gets overwritten by another file. Deleting a file is a little like scratching out part of a book’s table of contents in an attempt to erase a chapter — the pages are still bound into the book. E-mail messages are even harder to delete, since multiple copies of them often exist not just on your computer but also on servers, backup tapes, and recipients’ computers.

Several firms, including Ontrack Data International, Electronic Evidence Discovery, and Guidance Software, have made a business out of “computer forensics” — recovering deleted files for companies that are embroiled in litigation, undergoing regulatory review, or attempting to document workplace misconduct.

In some cases, engineers from these companies slip into their customers’ offices after hours to do their sleuthing, like high-tech Sam Spades. They make a copy of the hard drive under investigation, then take that version to their lab for analysis, leaving behind no evidence that might tip off a subject that he or she is under surveillance. Back at the lab, computer forensics experts analyze the data on the mirror-image hard drive, looking for “orphaned” data that was deleted but not completely erased.

“A good reason we’re in business is that people don’t understand the permanence of e-mail and immortalize things in it that they would never put down on paper,” says Ontrack legal consultant Kristin Nimsger. And computer forensics is a burgeoning business. Ontrack estimates that 93 percent of all business communication in America happens in electronic form, through e-mail as well as user data such as text files, spreadsheets, PowerPoint presentations, and so forth. Most of that data never even makes it onto a piece of paper.

But if you run a company, it’s important to conduct this kind of forensics properly in order to meet newly emerging legal standards for electronic evidence. The mere attempt to examine a computer may alter the data being examined — for example, just turning on a Windows PC changes hundreds if not thousands of files on the hard drive. If your company is conducting an investigation, you should hire experts (Ontrack charges $3,000 per hard drive examined) or, at a minimum, buy specialized software to do the job (Guidance sells a forensics program for $2,500).

Companies can also get themselves into trouble with old backup tapes. Your IT department probably makes backups of your company’s servers every night, storing the tapes in a secure closet somewhere. Reusing old backup tapes is a common practice, but it destroys any information previously stored on them, which can be a problem if you need the data later (for instance, when your company gets sued). On the other hand, saving every single one causes another problem: How do you find relevant data in a huge pile of tapes?

The answer is to set clear policies regarding what kind of information needs to be saved and for how long — and to destroy everything else effectively before it piles up. It’s essential that your IT department be fully involved in developing and enforcing such policies, particularly if you’re in the middle of litigation.

For electronic data, at least, nothing ever truly dies — it just gets recycled into something else. Dealing with that reality will be a big part of every company’s legal responsibilities in the coming decades.

Link: Your Data Is Gone, But It’s Not Forgotten

Link broken? Try the Wayback Machine.

Your Data Is Gone, But It’s Not Forgotten