As sanctions mount for those who have run afoul of the new e-discovery rules, debate is raging about criminal liability. To some, the threat is very real. They recommend extreme caution. To others, it’s nothing more than a scare tactic. They say the threat of incurring criminal liability over an e-discovery issue is slim to none. Who is right? I’ve neglected to link articles from both sides of the debate. The reason; it’s not my place to criticize the writers – they make very strong arguments, for and against. It just so happens that, in my opinion, the answer is somewhere in between. Perhaps the reason many people think that criminal liability is unlikely to attach flows from the possibility that they’re not thinking broadly enough. In other words, they’re not taking into account who might be ensnared in the e-discovery net. The logic works in reverse. The higher up in the e-discovery food chain you are, the more likely you’ll be eaten. The small fry aren’t likely to get themselves in trouble, barring egregious conduct of some sort. The standard of what would rise to the level of a criminal act may be high – but the liability exists. So, who should be looking over their shoulder? The White House (possibly violating the Federal Records Act), A former Broadcom Corporation executive (accused of obstruction of justice) and former Credit Suisse First Boston investment banker Frank Quattrone (also accused of obstruction and witness tampering) who endured a four-year ordeal for encouraging his employees to essentially ‘clean up those files’. And the lawyers? Six of them were referred to the State Bar of California for possible ethical violations in the Qualcomm v. Broadcom case. A crime? No, but facing various penalties up to and including disbarment, my guess is it feels like a crime to them. If you reviewed the links, you’ll note that I’m not necessarily concerned with whether the principal was convicted of – or plead guilty to – committing a crime. It’s scary enough just reading what actually happened – or could happen. We’ve all heard the term, “Ignorance of the law is no excuse.” That rule-of-thumb applies to e-discovery also. One can commit a crime without realizing it. If you’re a tech, and the boss tells you to delete data – and you simply follow his orders – if he instructed you in order to hide wrongdoing, he’s likely to be in trouble, but what about you? If the facts are as stated, probably not. But what if your company has an ESI policy, your boss’ instruction violates that policy, you know this, but you do it anyway? Did you just become an accomplice to a crime? Will the common explanation, “I was just following orders” get you off the hook? Obviously, we’re not taking a crash-course on criminal law today. There are so many hypothetical scenarios that could occur, with so many different facts that it would be impossible – and irresponsible on my part – to attempt to tackle all of them in a blawg post. What I endeavor to do is to impress upon you that a snap decision that didn’t make you think twice in the past could burn you in the future. ESI for it’s own sake doesn’t normally make one think of crimes. But now, we’ve entered a new arena. The law is involved, and if data “goes missing” in this context, your adversary – or the court – may infer that something fishy is going on. Is it worth the time, expense, stress, loss of reputation and threat of incarceration? The outcome is beside the point. Even if you’re exonerated, where do you go to get your lost time, money and reputation back?