Take Yourself Seriously: Delete Shit & Worry Less

CLDC educates environmental and social justice activists, organizations and funders regarding law-related topics. We will be presenting a series of informational primers that are particularly important in times of heightened state repression and corporate attacks on dissent. This series, “Take Yourself Seriously” will provide best practices for individuals, nonprofits, activist groups, and funders, in order to prevent losses that could be caused by SLAPP suits, RICO cases, subpoenas, search warrants, and other attempts at derailing your work to protect the planet and its inhabitants.

Why should political activists engage in document hygiene?

When our movements are strong and effective, adversaries often double down on using their money to abuse the legal system by dragging activists and organizations into courts—whether by filing criminal charges or civil lawsuits.  There’s not a lot we can do to stop them from manipulating or weaponizing the law, but there are many things we can do to armor ourselves and our communities in order to reduce harms that may occur from these types of attacks.

Our first topic, document hygiene practices, encompasses both document retention and destruction policies and practices, as well as digital security practices that interplay.  This includes what documents, texts, photos, emails, calendar entries, or files you should maintain to protect yourself, and which you should delete or destroy (thus removing the threat of subpoenas, theft, hacking, etc.). We welcome your feedback and suggestions for future topics that we should cover.

Remember: Knowledge is Power. The State (which includes corporations and industry groups) is taking your activism seriously and is seriously attempting to undermine your work and drive folks from away from this important work.  Even if you are a volunteer or unpaid activist, it’s time to take your work seriously and CYA (cover your ass).

IF THE “DOCUMENT” DOESN’T EXIST, THERE IS NO THREAT OF IT BEING TURNED OVER TO THE ENEMY OR STOLEN/SEIZED

• Do you need to write it down? Or would a phone call or convo be better?
• How should you write it down (digital or paper)
• Notetaking—what content needs to be recorded? What record is created?
• Take yourself seriously=less worry

Step 1: Create a Written Document Retention and Destruction Policy

Everyone—Individuals, Organizations (and some professions), collectives, campaigns, coalitions and funders should create a written document retention and destruction policy so that in the worst case scenario, if your documents are subpoenaed, seized or stolen, you can produce this policy that establishes the reason you have nothing to hand over is because you have been engaged in document hygiene and have been deleting documents every 30 days (or whatever time period you choose).  Different professions and types of documents will have different time periods you may be required to retain them.  So, Document Retention and Destruction Policies (“DRD Policy”) will vary in order to ensure that organizations/individuals retain documents which could later be required for business or regulatory purposes. For example, maintaining tax documents in case of an audit or other investigation, employment records, contract or grant documents, or litigation documents each have mandatory time periods that you must maintain—those time periods should be included in your DRD.

A DRD Policy and program saves you time and money                                                           

In the event you and your documents become embroiled in litigation or governmental investigation, the fewer documents that exist, the less work you have to do to review, compile and produce those records. In fact, particularly in light of developments in electronic (or e-) discovery, the proper maintenance and timely destruction of electronic (as well as paper) documents could save a great deal of money for an organization forced to search unwieldy and voluminous records in the face of discovery requests.

IRS Form 990 instructs: “A document retention and destruction policy identifies the record retention responsibilities of staff, volunteers, board members, and outsiders for maintaining and documenting the storage and destruction of the organization’s documents and records.”

Step 2: Considerations and Procedures for Implementation of a DRD Policy

First, discuss the ways in which documents are created and where they are saved or exist.

Documents include both physical copies and electronically stored information (ESI).  Based on recent SLAPP and other lawfare cases CLDC has defended, here is a list of the forms of ESI from a subpoena:

1. Emails and other electronic communications
2. Twitter/X messages; Instagram, Facebook, sock puppet accounts, What’s App, Telegram Signal, Wire; or any other social media platform/service messages, including all direct messages on any platform; and all other forms of communication
3. Database
4. Images, including PDFs, photos, videos, graphics
5. Electronically stored files (e.g. files created in Microsoft Word, Pages, Google Docs, PowerPoint, Excel, Dropbox, Open Office, etc.)
6. Computerized calendars
7. Metadata, legacy data, and databases
8. Cancelled checks, receipts for Venmo, Zelle, PayPal, CashApp, Patreon, ACH payments, wire transfers, Western Union MoneyGram, and receipts from any and all other methods of sending, receiving or transferring money.
9. Memos
10. Correspondence
11. Spreadsheets
12. Photographs and videos
13. Decks
14. Contracts (including amendments)
15. Draft contracts
16. Reports
17. Notes (including handwritten notes)
18. Drafts (of all of the above)
19. Ledgers
20. Texts
21. Sales forms
22. Receipts
23. Invoices
24. Appointment books
25. Audio and video tapes
26. Voice messages
27. Diaries and journals

You may be required to preserve or produce this information regardless of where it is stored, including but not limited to:

1. Workstation computers
2. Laptops
3. Tablets
4. Portable devices (external drives, thumb drives)
5. Cell phones
6. Company network
7. Cloud-based services
8. Encrypted services
9. Zoom and/or Microsoft Teams video conference recordings.

Second, are they saved or maintained in a segregated manner so that when it comes time to destroy (or retain) those documents, they can be easily culled from the others for disposition? Many groups we work with use a traditional color-coding system:  red for very sensitive records, green for documents of a significantly non-sensitive nature.  What types of records fall into each color can be included in the policy or procedures so that all members are ensuring compliance.  Make sure policy includes email, social media, internal comms channels, etc.

Third, Determine how privacy laws, attorney client privilege, or other privileges will apply to documents and data from and with respect to employees, work product, and members/ donors/ volunteers.

Fourth,  Carefully think through the record retention responsibilities of staff, volunteers, board members, and outsiders (including partner orgs and coalition partners) for maintaining and documenting the storage and destruction of the organization’s documents and records.

Although the IRS in its 990 instructions seems to imply that volunteers should have some responsibility with respect to document hygiene, volunteers should have as little responsibility as possible. Consider using platforms like Keybase.io or Cryptpad that securely allow administrators to destroy or maintain documents for all.  Anyone who is a volunteer (meaning that they are contributing their time, gratis) will think twice about continuing to volunteer if they are responsible for maintaining documents on their personal or business computers for some specified amount of time, for searching for documents on their computers and/or for destroying certain documents. These responsibilities should instead rest on org staff if possible.

Only include requirements that individuals/orgs know can be met within their capabilities If the org can’t follow the policy, don’t enact it. The worst thing that an organization, individual, coalition, etc., can do is to adopt policies which it does not follow, giving a false sense of security. (*keybase.io is great for ‘enforcing’ doc destruction across coalitions, etc. b/c it deletes for everyone)

Other tips:

Ensure that the policy includes standards for document integrity, including guidelines for handling electronic files, backup procedures, archiving of documents, and regular checkups of the reliability of the system.

For orgs and coalitions, provide for one specific policy administrator (with assistants, if necessary) who will be responsible for administration and compliance of the policy.  Responsibilities include periodic review of the policies for current relevance and compliance. If that administrator is not the ED/CEO, then the administrator should report to that person (since they are ultimately responsible for almost everything).

The policy must contain specific procedures for instituting a litigation hold where litigation, an audit, or a government investigation is reasonably anticipated. This is normally activated by a written notice from the bad guy. This is an area where liability could be significant if proper procedures are not instituted and followed.

For orgs: The DRD Policy should be carefully explained to and adopted by the Board of Directors. Staff should be onboarded and trained on their mandatory duties as well.

Document retention policies apply equally to documents saved in the cloud, on a server, or in a filing cabinet. If your nonprofit is using digital storage, make sure you have a back-up plan!

While having a document retention policy gives staff the green light to toss certain documents (on a schedule, preferably), as you are creating a policy specifically for your nonprofit, think about whether there are certain types of documents or specific documents that for the sake of history, or institutional memory, should be maintained permanently.

State laws relating to employment (such as those governing employment/payroll) vary state to state and often have implications for document retention policies.

Nonprofits serving minor children may need to retain records relating to minor children at least until the child reaches majority age, plus the time allowed by the state statute of limitations for the child-now-adult to bring a claim against the nonprofit.

Specific Consideration for Certain Groups:

Sarbanes-Oxley Requirements:  Section 802 (Criminal Penalties for Altering Documents) of the Sarbanes-Oxley Act (―SOX‖) Section 1519 of the federal criminal code, provides: Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.

SOX Section 1102 (Tampering with a Record or Otherwise Impeding an Official Proceeding) subsection (c) added to Section 1512 of the federal criminal code, which states: (c) Whoever corruptly— (1) alters, destroys, mutilates, or conceals a record, document, or other object, or attempts to do so, with the intent to impair the object’s integrity or availability for use in an official proceeding; or (2) otherwise obstructs, influences, or impedes any official proceeding, or attempts to do so, shall be fined under this title or imprisoned not more than 20 years, or both.

In addition to possible criminal liability, civil liability may result from the wrongful destruction of evidence, or ―spoliation if litigation has already been filed against you (or you have initiated a suit against others). See Federal Rules of Civil Procedure (“FRCP”) 26; 37(e); Zubulake v. UBS Warburg, 220 F.R.D. 216 (S.D.N.Y. 2003) (“An organization becomes subject to a duty to preserve (or halt the destruction of) records once litigation, an audit or a government investigation is reasonably anticipated.”); William T. Thompson Co. v. Gen. Nutrition Corp., 593 F. Supp. 1443, 1455 (C.D. Calif. 1984) (“While a litigant is under no duty to keep or retain every document in its possession once a complaint is filed, it is under a duty to preserve what it knows, or reasonably should know, is relevant in the action, is reasonably calculated to lead to the discovery of admissible evidence, is reasonably likely to be requested during discovery and/or is the subject of a pending discovery request.”)