In legal circles, spoliation means intentionally destroying or altering data in a way that destroys its value as evidence. This could mean editing time stamps, deleting email, editing files or deleting files. Basically, this could mean anything that can contaminate evidence. It’s often difficult to prove spoliation because of the word intent. For example, if you are using Retrospect to move data and it gets lost in a move then you may destroy the value of data, but if you can prove that you did the move of data every night and why a failure occured, then you are probably in the clear…
Stick with me, ’cause there’s a point here. Good system administration practices can save you from potential problems. Non-repudiation (ie – don’t give your password to the guy that sits next to you because it’s quicker than VPNing in and resetting his password at midnight when he calls). Logging (ie – log everything to a centrally managed syslog box that’s maybe full disk encrypted and bolted down). Backups (ie – just keep pretty much everything for as long as your budget allows, tier the storage and retention cycles so you can keep important data longer). Response (ie – if you get a response of legal action then go ahead and make an offline copy of everything asap and then checksum it).
Basically, if you’re not actually guilty of spoliation it will be difficult to prove. However, be smart now to keep it from coming up. Be as open and honest as you can be, which means don’t do anything you might feel compelled to hide later. Take meticulous notes so your memory is sharp on the facts and go the extra mile to be as thorough in a one-time backup scenario as possible.