The FTC and DOJ’s Antitrust Division recently announced that they are updating their guidance regarding how parties in enforcement and investigative matters must preserve electronically stored information (“ESI”) from collaboration tools and ephemeral messaging platforms like Slack, Microsoft Teams, and Signal. The updates are aimed at counteracting settings that allow or automatically enable immediate and irretrievable destruction of communications and documents that may be responsive to the FTC’s or the Antitrust Division’s investigative requests.
Keeping with this goal, the antitrust agencies will update language in their standard preservation letters and specifications for second requests, voluntary access letters, and compulsory legal process, including grand jury subpoenas.
While the FTC and DOJ’s Antitrust Division emphasized that these updates simply “reinforce” companies’ longstanding, existing preservation obligations, the new guidance warrants companies’ careful attention. The FTC clarified, for example, that appropriate retention practices for messaging platforms include not only disabling automatic deletion capabilities, but possibly “stopping use of certain applications altogether,” and further stated that “newer messaging applications might implicate employee-owned devices to a greater extent than past methods of communication.”
Changes to Second Request Letter
The FTC had already released this updated language for its model second request letter, with similar updates expected to the other types of letters and communications referenced above. Such letters are sent to transacting parties to request information when the DOJ or FTC is investigating a proposed merger or other transaction. The FTC’s prior model second request letter already included language requiring parties to disclose retention policies for ESI and “documents,” including “instant messages.” But the updated model letter adds a new requirement that companies submit an “Information Systems Diagram,” showing where and how “the Company stores all physical and electronic information in its possession, custody or control,” including: 1) information systems (e.g., email or voicemail); 2) Collaborative Work Environments (platforms used to create, edit, store, and access documents and information by authorized users, such as Microsoft SharePoint and iManage); and 3) backup storage systems. Additionally, for each custodian, the diagram should include an “‘Application List’ identifying any communication, collaboration, Messaging Application, or Collaborative Work Environment accessible, either currently or at any time during the period for which information is requested, on an Employee-Owned Device or electronic device in the possession, custody, or control of the Company[.]”
The updates also expand the required disclosures for retention policies. Previously, companies were required to submit documents that show “in detail the Company’s policies and procedures relating to the retention and destruction of documents.” With the new requirements, companies must submit policies and procedures relating to more specific retention issues, including: 1) retention of communications, such as email, chats, and instant messages; 2) storage, deletion, and archiving of ESI; and 3) specific policies for documents sent using a Collaborative Work Platform or Messaging Applications.
The updates also clarify the scope of messages that companies must disclose. Under the definition in the FTC’s new model letter, a “Messaging Application” includes “any electronic method that has ever been used by the Company and its employees to communicate with each other or entities outside the Company for any business purposes.” This includes messages sent on employee-owned devices, as long as the device was “used to conduct business for Company.”
Companies that fail to comply with the updated guidance could face civil spoliation sanctions, or even criminal liability. In its announcement, the FTC reminded the public that it has successfully moved for civil spoliation sanctions in the past, and may refer cases to DOJ for criminal prosecution through the FTC Bureau of Competition’s Criminal Liaison Unit. Both the Antitrust Division and FTC stressed their “cooperation … on criminal enforcement” as a theme underlying the announced updates to this retention guidance.
- The preservation of data from ephemeral messaging platforms and collaboration tools is a priority for the Antitrust Division and the FTC.
- To comply with the agencies’ guidance, companies will need to carefully review the current deletion settings on these programs, and evaluate whether they need to change those settings or stop using certain programs altogether.
- Failing to comply with the new guidance puts companies at risk of civil sanctions and, in some circumstances, criminal liability.
Mayer Brown’s global Antitrust & Competition and Global Investigations & White Collar teams offer in-depth experience and knowledge in the regulation of digital markets, including in particular, involvement in complex risk assessment, compliance audits and high-stakes litigation. We are well-placed to assist multinational corporations in navigating the field of ever-increasing tech regulation.