Data Preservation and Spoliation: How to Maintain Security in a WFH Environment

By Joe Skalski

Now that we’re well into the new work-from-home (WFH) norm, FRONTEO has been thinking about data preservation and spoliation. 

While we are all adapting to the new norm, there is little knowledge about how courts will view these unprecedented times down the road.  Companies with precise retention plans and other documentation in place regarding proper preservation for the newly minted WFH employee will likely fare better than employers that simply shifted to allow workers to work remotely without the proper technological safety nets, policies, and procedures.  Pleading ignorance or making the argument that “we didn’t have time to develop a policy” likely will not be viewed favorably.

Many employers scrambled to facilitate WFH because there was not sufficient time to properly scope and map out the migration. Many CTOs, CIOs and IT staff worked around the clock to provide their employees every opportunity to be successful at home while balancing risk. Progress was quickly made because many of these technology professionals understood that their respective businesses would come to a grinding halt if their employees could not work from home.

Some employers have been more detailed than others, especially those that already allowed WFH or supported remote employees.  Others were forced to start from scratch, developing protocols on the fly, while supporting this new norm. 

A third group of employers, those that did not possess the proper technology or infrastructure, simply told employees with a laptop and a home Wi-Fi connection to go forth and conquer. Many employees who went to their offices on a Friday started working from the kitchen table the following Monday. They became painfully aware of the bandwidth limitations of their home internet service while they were learning how not to get Zoom-Bombed. Data preservation and spoliation were not even on their list.

So, with all that in mind, let us quickly revisit what defines spoliation. According to FRCP Rule 37, for spoliation to occur, the following conditions must be met:

  • a party must have had control over potentially relevant ESI
  • the party must have been under a duty to preserve that ESI
  • the ESI must have been lost, destroyed, modified, or altered
  • the loss must be due to the party’s failure to take reasonable steps to preserve the ESI
  • the ESI must not be able to be restored, recovered, or replaced through additional discovery


There are several ways in which spoliation can occur, whether intentionally or not:

  • deleting files, emails, messages, or other information
  • overwriting files
  • throwing away a computer, tablet, phone, or other device
  • modifying files
  • modifying file metadata

Do you see any bullet points above that might be magnified in the new norm?  Yikes! We do, too. 

In the past, many employees did not need to think about preservation. They knew that, somewhere in the background, all of the documents that they created on their company-issued device were maintained on some server, somewhere. 

Now, depending on whether or not an employee is connecting to their company’s network, the content they are creating while WFH may reside solely on the laptop they are now using at home. Not only is this an issue for preservation, it is also an issue of ensuring against data loss.

So, what are some possible suggestions to avoid inadvertent spoliation?

  1. First, double check with your employer to determine if they have deployed new / modified retention plans relating specifically to WFH employees. If there were newly developed or modified plans, you’d likely have been notified.  These policies may be getting updated daily or weekly, so knowing what the current policy is will help you support the proper preservation mindset.
  2. Second, inquire what data storage resources your employer has provided you for secure storage.  See if you are still connected to your company’s network.  Make sure that what you are working on at home is being replicated there.
  3. Third, OneDrive is included as part of many O365 licenses. This is especially important for remote workers who save directly, and only, to their laptops. Make it a habit to back this data up if you’re not connected in some way to your company’s network, where the normal backup process occurs.

And while we anticipate some lasting long-term impacts, we are guiding our clients through the shorter-term ones. We are transparent about how we have securely adapted our service offerings to be shelter-in-place compliant, from our managed document review to forensic collections capabilities – including remote collection of mobile device data. We continue to work together with our clients to proactively adapt to a new norm.

About the author: Joe Skalski is the Senior Director of Engagement Management at FRONTEO.  With nearly 21 years’ experience in legal process outsourcing and e-discovery, he has worked on some of the largest and most heavily contested e-discovery matters to date. Reach him at jskalski@fronteo.com.