Dealing with subpoena requests for digital data.

Author:Vogel, H. Steven

A CPA firm received a subpoena for the production of its documents related to an S corporation tax return where one shareholder alleged criminal activity on the part of the other shareholder. The firm contacted its professional liability insurer, which retained an attorney to help the firm properly respond. The attorney requested a copy of the firm's record retention policy (RRP) and the relevant documents. After providing documents to respond to the subpoena, the CPA firm considered the matter closed.

Or so it thought.

After reviewing the documents that were produced, the plaintiff's attorney believed the firm's production was incomplete and that portions of an email string potentially were missing. Additional discovery found numerous emails and text messages stored on a partner's personal home computer and mobile phone that were missed in the initial response to the subpoena.

With this additional information, the plaintiff's attorney turned his attention to the CPA firm, believing the CPA firm was not disclosing information about the shareholder's potentially criminal activity. After five years of unsuccessful pursuit of this theory, the matter was dismissed, but not before the CPA firm lost hundreds of hours of billable time and incurred tens of thousands of dollars in legal fees responding to what first appeared to be a "simple" subpoena.

What went wrong? How did the firm miss several key electronic documents when formulating its initial response to the subpoena?

The firm's RRP did not address all sources of "electronically stored information" (ESI). Therefore, the firm's response failed to include items stored on personal devices. The proliferation of ESI and the multitude of places where it may be stored leave an electronic data trail with no true road map for a CPA firm to follow when producing such information. Consequently, CPA firms should recognize the importance of evaluating their record storage procedures and consider modifying their existing RRP to address ESI.


To start, terminology related to ESI should be defined:

* ESI: Information created, manipulated, communicated, stored, and/or best used in digital form, requiring the use of computer hardware and software.

* Electronic storage media: Any and all electronic devices that can be used to store data, including internal and external hard drives, CDs, DVDs, USB drives, Zip disks, magnetic tapes, SD cards, copy machines, cellphones, "smart" appliances, and more...

To continue reading