Better IT security might have prevented the DEA from getting the patient data (disk encryption and setting a backend database password for starters), but when that data is NOT in YOUR control, then you are not going to have that much POWER.
Companies should remember that their information governance practices may have significant financial repercussions if they become involved in litigation. One court in the District of Nevada recently took a novel approach to analyzing the accessibility of emails stored on backup tape. In United States ex rel Guardiola v. Renown Health, i the United States District Court for the District of Nevada opined that Renown’s business practice of retaining email older than six months on backup tape foreclosed it from successfully arguing that the emails were shielded from discovery as not reasonably accessible because of burden or cost. The court also refused to shift to the requesting party the cost of restoration and review of the email at issue. A key element to this decision was the court’s perception that Renown’s email archival practices were out-of-date, and it also considered the use of backup tapes for recordkeeping without consideration to “the risk of litigation and corresponding discovery obligations” a nonsensible choice. What is unique about this decision is that the court focused on Renown’s business decisions on how to manage its information in the absence of pending discovery, and determined those pre-litigation business decisions were the critical factor to prevent the company from avoiding discoverability of documents archived per those decisions.