U.S. K-12 Schools Must Comply With e-Discovery Rule

Lucas123 writes "K-12 school districts throughout the US have a daunting IT homework assignment over the summer: Develop systems that ensure their electronic documents, email and instant messages are in compliance with new federal e-discovery regulations, much in the same way corporations have been preparing over the past year. The new Federal Rules of Civil Procedure (FRCP) are expected to be widely enforced by the end of 2007, according to a Computerworld story. '"A lack of preparation could prove dire for K-12 school districts, which oftentimes lack technical proficiency, funding and legal expertise," said Robert Ayers, technology coordinator for the Kingston, Pa.-based Luzerne Intermediate Unit 18 school district.'"

E-Discovery?

[smartbei (1112351)]

For those (like me) unaware of this terminology: (from TFA)

September 2005 updates to the Federal Rules of Civil Procedure (FRCP) require that electronic documents -- including e-mail and perhaps even instant messaging logs -- be available as evidence in civil court cases. Observers note that widespread enforcement of the rules will likely begin by the end of 2007, a year later than expected (see "New e-discovery rules go into effect in December ").

Re:

[mothlos (832302)]

Thank you. I would request that /. editors explain these sorts of things in the body of the news stub. It has always been a problem, but lately it feels like it is getting worse.

Mod parent up!

Re:Poor schools

[Technician (215283)]

Observers note that widespread enforcement of the rules will likely begin by the end of 2007

And those poor districts who barely can provide any computing resources are likely to fold their IT shop as too expensive to maintain due to the legal threat of non-compliance. It's why many schools have a metal and wood shop, most have dropped Drivers Education as part of the regular HS electives.

I took Defensive Driving Drivers ED in High School. Now that I have adopted kids entering HS, we just received a notifi

Heh..

[by Anonymous Coward]

K-12 school districts, which oftentimes lack technical proficiency

In much the same way as birds oftentimes lack gills.

Not just schools

[Bender0x7D1 (536254)]

It is important to realize that these rule changes aren't just for schools - they apply to every company in the U.S..

So, for those of you who are the entire IT department where you work, or if you run your own business as a consultant, (or some similar situation), you might want to pay attention to what is required regarding email and IM retention under the new rules.

Re:Not just schools

[RingDev (879105)]

Hey, if the President's IT Staff can lose e-mails, I'm sure the rest of us can too ;)

-Rick

Re:

[megaditto (982598)]

Are you seriously equating the President's IT Staff to the American public?

Well, for one, the President's IT staff are not suspected of evildoing!

Re:

[mc6809e (214243)]

It is important to realize that these rule changes aren't just for schools - they apply to every company in the U.S.

Yep. And you can include local municipalities, unions, consumer groups, the AARP etc. -- All are corporations.

Re:

[DragonWriter (970822)]

So, for those of you who are the entire IT department where you work, or if you run your own business as a consultant, (or some similar situation), you might want to pay attention to what is required regarding email and IM retention under the new rules.

And you might want to get your information from (for instancE) a lawyer familiar with the rules, rather taking on faith the description of the problem from the PR department of vendors trying to sell "solutions".

Re:

[nurb432 (527695)]

And soon private individuals. Just in case you might be a terrorist, or a IP pirate, or just an undesirable that needs to be tracked.

Re:

[PPH (736903)]

Our engineering firm is a subsidiary of a foreign corporation. They outsource all IT support functions to jurisdictions where the FRCP doesn't apply.

First, Sarbanes-Oxley pushes companies to list in overseas markets. Now this nonsense. Pretty soon there won't be anything left here.

Another law made by non-it people

[guruevi (827432)]

I am assigned to a committee to see how to implement these 'new' laws into our infrastructure. It's really amazing how incompetent these laws are. They require documents to be stored forever or to expire at a certain date, and as soon as it expires, nothing about the document is allowed to be found. So as soon as the document expires, somebody has to go through all backups, tapes, computers, usb sticks etc. and delete all traces of the document.

Not only is it near-impossible to implement, the only possible implementation would be a solution similar to DRM on media, which as we all know doesn't work, since you already have the content at that moment. Of course vendors like IBM and Microsoft would love to sell you their solution (that requires call-back to the central server which has to be accessible from both inside and outside the network (if you would like to use your documents elsewhere than within the office)) which not only costs a horrible amount of money, the implementation itself is flawed (as is any DRM-solution) and has so many requirements that managing and securing the solutions is going to be a major issue.

I think it's disgusting how companies and their lobby push for these impossible laws so they can sell their software.

Re:Another law made by non-it people

[yar (170650)]

The Federal Rules of Evidence aren't quite as unreasonable as people seem to think. IMHO, the article is overstating the effects of the newly implemented rules. Important things to remember are
A) Have a records retention policy, and
B) follow that records retention policy.
If you're a public school, you probably have a records retention policy already. Many schools don't follow those policies for electronic records like they're supposed to, but there's very likely one that exists. Applying records retention policies to electronic media has been a problem with many public schools and many government organizations. It doesn't necessarily require going through one of those vendors or using those tools- it does require planning.

IT people were definitely involved in the creation of these rules.

I'm not sure what you mean that nothing is allowed to be found- that's what the discovery rules address. The new rules of evidence provide ways to share or shift costs of finding that information. In the past, you would have to pay those costs. With the new rules, either those costs are shared, or if it truly would be very burdensome to recover that information, the company seeking that information could pay those costs.

Re:

[spiedrazer (555388)]

See my post below, but the HUGE point that everyone is missing is that the retention ONLY has to do with correspondance concerning ongoing legal action, or issues where it can reasonable be assumed that legal action may arrise! there is NO requirement to log ALL electronic commincations etc. in any way. Everything else this poster said about a retention policy etc. is true. Once you have a retention policy that deletes messages after x days etc. you do need to make an effort to START retaining messages b

Re:

[cayenne8 (626475)]

"See my post below, but the HUGE point that everyone is missing is that the retention ONLY has to do with correspondance concerning ongoing legal action, or issues where it can reasonable be assumed that legal action may arrise! there is NO requirement to log ALL electronic commincations etc. in any way. Everything else this poster said about a retention policy etc. is true. Once you have a retention policy that deletes messages after x days etc. you do need to make an effort to START retaining messages bey

Re:

[yar (170650)]

I commented on your message below. ^_^ I agree with your statement that most of this is vendor hype. There is no requirement to log everything in the rules themselves, although there are logging/retention requirements in some laws- SarbOx, FERPA, etc. The shock to most public schools is going to be applying records retention policies to electronic media- something they had to do before, but many hadn't really realized it.

Re:

[oyenstikker (536040)]

You are making the assumption that all data on any particular tape expires at the same time. If that assumption is not valid, then you've got a lot of work ahead of you.

Re:

[jedidiah (1196)]

If you've got that situation, you're already in trouble. You don't need any help from the federal government.

What good are logs?

[delirium of disorder (701392)]

Any Semi-intelligent person will use cleartext for official but non-confidential business at school and work, and encrypt any email or IMs that contain personal information or nefarious plans. If you are stupid enough to send something revealing over a public, corporate, or academic network, you DESERVE to get caught.

Hopefully as more and more people get caught for using cleartext, crypto will be the norm and all these laws requiring logging will become useless for law enforcement purposes.

Re:

[TheNicestGuy (1035854)]

Hopefully as more and more people get caught for using cleartext, crypto will be the norm

In other words, you hope that some judge sets a precedent as quickly as possible for encrypted records to not count as "accessible"? Or better yet, that the justice department gets handed the statistics to convince a clueless legislature to outlaw encryption? I mean, if they're going to require these records to be discoverable in the first place, why wouldn't they require by law that prosecutors and judges can actually read them?

My understanding is that when the rules first go into effect, individual jud

Re:

[profplump (309017)]

You're assuming that I have the key. For interactive things like IMs I lose the ability to decrypt the conversation as soon as I close the window. My PGP key has a longer term, but I rotate them out at least once a year, and I don't keep the old one much after I've created the new one.

And as I read this law, there's no requirement that I keep such keys, so long as my self-directed data retention policy doesn't require otherwise.

Electronic Amnesia

[mbone (558574)]

The only rational response to this 300 page regulation - not imposed, note, by any act of Congress - will be to delete immediately all emails upon reading (unless you are in an industry that already has requirements to store them). Good look for the historians of the future trying to decipher the history of the early 21st Century USA - the Courts required us to delete it.

Re:

[yar (170650)]

I think your post is the biggest worry that hasn't really been addressed yet by the business and legal community. In many ways, these actions encourage companies and government organizations to destroy information. I've seen that espoused by persons in the legal community at large industry conferences: have a strict records retention policy, and follow that records retention policy. There are many companies that offer just those services. Microsoft's new Office integrates with Sharepoint to enforce records

Why is this in the Fed's jurisdiction

[Raisey-raison (850922)]

I was wondering if someone could explain why this is in the jurisdiction of the federal government as opposed to the states. The schools are mostly state institutions. Is it the fact that the email 'crossed' state lines that makes all the difference? What if it is within one state? Does it matter where the severs are located?

Re:

[sgent (874402)]

It applies because schools can be sued in federal court. There is no real requirement here -- but if policies aren't in place, then in federal (and most likely state) courts any email not found can be held against you (assume the worst).

Re:

[by Anonymous Coward]

More than that, but almost all public schools accept Federal funding. As a result, they have to follow Federal rules, or they lose said funding.

Neighbor, you've just taken a lot of words to avoid using the word "extortion".

Re:

[linguae (763922)]

Most public schools receive federal funding. In order to receive federal funding, you must abide by federal rules. This is one of those rules.

Yes, such federal funding requirements are used to bypass the Ninth and Tenth Amendments. For other examples, see the 55mph speed limit (before it got repealed), the 21 year old drinking age, the Clean Air Act and how it relates to highway funding, etc. (and all of the examples I gave are just in the realm of highway funding. There are plenty of other examples.).

Re:

[DragonWriter (970822)]

I was wondering if someone could explain why this is in the jurisdiction of the federal government as opposed to the states.

You want to know why the rules governing civil procedure in the federal courts are in the jurisdiction of the federal government as opposed to the state governments?

Great headline

[Timesprout (579035)]

Now I have visions of all these school kids being given ecstasy pills so that they can discover what drugs are about for themselves. When does the crack discovery program start?

some schools can't pay for good IT people much....

[Joe The Dragon (967727)]

less the hard ware and soft where needed for something like this.

look at that substitute teacher who was facing 40 years for pron pop ups most likely if the School had more or better IT people / payed for the web filter / had some kind of firewall and anti-spyware protections then this may of not happened..

Re:some schools can't pay for good IT people much.

[N3WBI3 (595976)]

some schools can't pay for good IT people much....

The average school in the US spends about 6K per student some of the schools you might consider poor (lets look at DC) spend upwards of twice that. 12K per kid per year that more than double what many elite private schools charge usually only 70% of that (not the kind with ponies and security teams where diplomats send their kids those are in a league of their own).

So when someone says our schools cant afford this or that I have to wonder when a class of

Re:some schools can't pay for good IT people much.

[Kijori (897770)]

The average school in the US spends about 6K per student some of the schools you might consider poor (lets look at DC) spend upwards of twice that. 12K per kid per year that more than double what many elite private schools charge usually only 70% of that (not the kind with ponies and security teams where diplomats send their kids those are in a league of their own).

OK, firstly while the average school spends around $6k per child, this doesn't tell the whole story; the variance in the figures is very large. Suburban schools in New York spend between 10 and 19 thousand dollars per child, while inner city schools in Utah struggle to meet the $3k mark. The schools you might consider poor do not spend "upwards of twice" $6k, they struggle to raise half of it.

Your estimates for the costs of private education are just as far off as your estimates of the money involved in public schooling. I suspect you have been misled by figures bandied about in the school voucher debate - these tend to lump secondary schools with elementary schools and even free schools to bring the apparent price down to less than the cost of a public school. For example, an often quoted figure for private school cost is $3600 per child - this is arrived at by taking the average for secondary school, elementary schools, free independent schools and church schools - all designed to make the secondary school cost look low. In truth, the average fee level of a private secondary school is rather higher at about $5,500. The gap between the private and public sector can be explained by a few things, such as reduction in bureaucratic red tape and potential increase in efficiency, but also by their frequent status as charitable organizations soliciting donations that can increase this to meet the public level, and their selectiveness; if you don't have to deal with unruly or disadvantaged children you can cut costs heavily.

My final point is that you seem to underestimate the costs in the day to day running of a school rather heavily! Just taking into account the staffing takes your available funds down to around $4k per pupil (and remember the schools that only make $3k per pupil originally?). Then you have to buy computers, books, stationary and furniture, run activities, organize school board elections, pay for heating, lighting and water and provide a bus for disabled students who can't get in otherwise. Depending on your location security might be an issue. And your building and equipment don't last forever with thousands of children inside - you need to make it to the end of the year with some surplus in case someone's broken a telescope or put a broom through the ceiling. (Or get insurance - but that will of course cost more than the average year's renovation costs; that's how insurance works).

My point with all this is that schools don't have millions of dollars sitting around in a cupboard somewhere. They aren't choosing not to employ a team of network technicians, it's just that even a small technical staff - say 2 people - eats into your budget by around $80k year if they're good at what they do. That money doesn't appear overnight.

Small businesses

[Normal Dan (1053064)]

It is becoming increasingly hard for small businesses to do any business these days. Not because they are being crowded out by the larger ones, but because one must higher several employees just to do all the paperwork required to run a business.

Now they have to log all electronic communication. Why? How is an email or test message any different than calling someone on the phone or meeting face to face? Will we have to bring a tape recorder to every meeting from now on? When will it end?

If your not a litigant in a federal court case....

[fatboy (6851)]

If your not a litigant in a federal court case, do these rules matter?

Re:If your not a litigant in a federal court case.

[yar (170650)]

If you have the potential to be a litigant in a federal case, then they matter somewhat. More to the point, though, is that state laws generally follow the federal lead on rules of evidence, so expect most states to offer similar rules.

Data DESTRUCTION policy....

[nweaver (113078)]

Rather than trying to archive everything, there is an important alternative, a data destruction policy. You can't discover what doesn't exist.

You just need to have the policy long in place before someone even thinks of suing you.

Re:

[yar (170650)]

Most of these problems exist without these rules. These rules assume that you're already following the law when it comes to records and records retention. SarbOx, medical, privacy etc. and such for private companies, open records, public records, FERPA, etc. for schools and government organizations.

And the rules have provisions for when things aren't completely destroyed. That information can be recovered, if people are willing to pay to discover that information.

Can anyone tell me...

[Darundal (891860)]

...the reasoning behind the provision about expiration? I understand how someone could think that keeping copies of all documents is a good idea (assuming someone who has the technical literacy of a lamp post, AKA avg. govt. worker) but I honestly don't understand where the expiration provision would come from.

Re:

[yar (170650)]

Could you be more specific? What do you mean by the expiration provision?

Were's the P2P mail and IM apps?

[schwit1 (797399)]

Sounds like an opportunity for the open source community.

Okay, but don't overreact

[JavaRob (28971)]

That article freaked me out. Sure, schools... it sounds like a tough situation for them -- but I hadn't even known this was happening for businesses.

I *am* a business. I have my own mail server. I don't think there's anything terribly interesting to the feds in there, but I'll be damned if I want them sniffing around my data!

Quick as a wink, I set up a script that purges and overwrites all stored email, every 5 minutes. Take that, G-man! I sat back in my chair with a satisfied grin.

10 minutes later, I checked for new messages.

Same here.

[pavon (30274)]

I don't know why all these people are complaining about the extra work forced on them by the government. Sure it took a few extra minutes to write an email purge script, but ever since then my work load has dropped dramatically. Every time I think that I have new work I just have to wait a few minutes and it goes away again. In fact my boss just came in to tell me that I don't need to come to work at all any more. Score!

Applicable precedent?

[Phanatic1a (413374)]

Printz v. United States was the case that struck down major portions of the Brady gun-control bill. Appellants argued, and the court agreed, that the law's requiring state employees to engage in extra work in order to compose and retain documentation in order to appease federal law violated both federalism and the concept of a unitary executive.

This seems pretty similar.

ALERT! - This is all VENDOR HYPE!!!

[spiedrazer (555388)]

I manage the networks for a K-12 school district and I am being bombarded by this same info, most of it feuled by vendor FUD!! The Rules of discovery that everyone is referencing do NOT say in any way that all electronic communications need to be stored or archived in any way.

What the rules DO now officially state (which they didn't before last year) is that electronic communications must now be treated the same as traditional paper documentation.

Specifically, that means that you cant destroy any correspondance or record HAVING TO DO WITH AN ONGOING LEGAL ACTION/LITIGATION or that you can reasonaby expect may lead to litigation. For my organization, that is less than one percent of the volume of data I have. All the vendors are saying that we need to archive ALL our e-mails in a searchable database yada yada yada so that we can protect ourselves against some unknown threat that we may be found in violation of these rules. That simply isn't the case. We will be in trouble if we destroy evidenmce in an ongoing legal case, but that is about it.

What we DO need to do is insure that the HR department and others that typically deal with sensitive legal topics understand the rules, and that they should print out and save anything that they suspect could come back to bite us, like adverse personell actions. We also need to insure that building administrators do the same when it comes to discipline actions concerning students etc.

AGAIN, anyone who tells you that you NEED to archive/store ALL e-mail or other electronic documents is at best completely mis-informed (like most of the journalists parroting back the FUD)or at worst trying to scam you directly with their FUD.

Re:

[yar (170650)]

Very much correct. The rules of evidence are nowhere near as draconian as the article or vendors appear to be making them out to be. They actually improve the situation in many cases.

Why do we all have to become cops?

[Sloppy (14984)]

Without such capabilities, he said, "what are these people in these districts going to do when approached by law enforcement saying 'we need to know what John Doe did during third period on Tuesday?"

They ought to be able to say, "Beats me; we're in the education business, not the surveillance business. But good luck with your investigation."

Re:

[yar (170650)]

You don't have to log everything. You have to abide by your records retention policies. You are required to log some things, by records laws, but not by the rules of civil procedure. The only situation where you might have to log more than you ordinarily would is in the case of a litigation hold, when you're party to a lawsuit.

Re:

[spiedrazer (555388)]

read my post below, but this is mostly FUD to sell e-mail archiving gear! The rules just say that you cant destroy data On An ONGOING LEGAl ACTION!! it's basically just officially extending the 'you can't destroy evidence' rule to electronic communications as well. You can destroy all your stuff whenever you want as long as it isn't about a pending legal case. All the other details (retention policies etc.) just clarify what is punishible or not punishible if it is found that you did destroy stuff after

What's .. Bush .. got to do .. got to do with it?

[Ungrounded Lightning (62228)]

So much for the conservative republican President's desire to keep govt. out of our lives. What a lying sack of shit he is!

The PRESIDENT? What's the PRESIDENT go to do with it?

Quoting Wikipedia:

The FRCP are promulgated by the United States Supreme Court pursuant to the Rules Enabling Act, and then approved by the United States Congress. The Court's modifications to the rules are usually based on recommendations from the Judicial Conference of the United States, the federal judiciary's internal policy-making body.

Internal rulemaking by the JUDICIAL branch - the supreme court and their hirelings - with concurrence from the LEGISLATIVE branch. The EXECUTIVE branch isn't even in this loop.

Are you faulting Bush for failing to stage an unconstitutional armed intervention into the inner workings of the Supreme Court?

That upper-leg tick really needs attention.

[Ungrounded Lightning (62228)]

Ah, President Bush. I thought I smelled your foul stench.

Federal Rules of Civil Procedure are promulgated by the Supreme Court (and written by their employees), after receiving a Congressional rubber stamp. Bush and his whole branch of government aren't even in the loop.

But somehow it's Bush's fault, right? Did you elect him the official scapegoat? (If you get a cold it's Bush's fault. If the Supreme Court promulgates a rule you don't like it's Bush's fault. He wasn't there for the election - but that's HIS fault.)

You really need to get medical attention for that jerking knee.