Few things can derail high-stakes business litigation faster than allegations of spoliation—the improper destruction or concealment of relevant evidence. Sheryl Sandberg, previously Meta’s COO and a board member, recently learned this the hard way. In In re Facebook Inc. Derivative Litigation, the Delaware Court of Chancery sanctioned Sandberg for spoliation because she routinely deleted relevant emails from her personal Gmail account, even after a formal litigation hold was issued.[1] Meanwhile, Jeff Zients—another Meta board member who was initially under scrutiny—escaped sanctions after convincing the court that he had not actually destroyed relevant data.[2] Zients escaped sanctions because the plaintiffs could not prove that his deletions actually deprived them of any unique evidence—and he was relatively forthcoming once his document practices were scrutinized. Sandberg, on the other hand, was found to have genuinely destroyed relevant personal-email data, thus prejudicing the plaintiffs and prompting the court to impose sanctions against her.

This stark contrast is a wake-up call for executives and board members: using personal email for business and selectively deleting messages after receiving a legal hold can have severe legal consequences.

The Risks of Personal Email for Business

Company executives and board members may prefer using personal email for sensitive business discussions, mistakenly believing that it shields them from liability or provides anonymity. Sandberg employed a personal Gmail address under a pseudonym. As the Delaware Court of Chancery’s opinion shows, this approach can backfire tremendously. In Sandberg’s case, the court elevated the burden of proof on her affirmative defenses from the standard “preponderance of the evidence” to the more stringent “clear and convincing.” This raised both her litigation risk and her legal expenses, but it could easily have been worse.  Courts have imposed even more drastic sanctions for spoilation, including jury instructions presuming wrongdoing and outright dismissal of claims.

Why “Clever” Deletion Strategies Cause Devastating Legal Consequences

Many executives mistakenly believe that deleting emails from personal accounts makes the emails disappear forever. In reality, sophisticated forensic tools can detect footprints of deleted evidence, and the selective or untimely destruction of emails raises more red flags than the content of most emails ever would.

While many companies employ routine deletion policies, selective deletions, particularly after a company has been notified of potential litigation, can be construed as intentional spoliation.[3] At that point, the damage is done, and courts may instruct jurors to infer that missing emails would have been damaging (even if they were not), or impose other damaging sanctions. The outcome can reshape settlement and verdict discussions.

What About Smaller or Family-Owned Businesses?

Spoliation risk is not limited to large-scale entities with in-house legal departments and compliance teams. Here are steps any company—large or small—should take:

1. Adopt a No-Personal-Email Policy for Company Business. Even if the business cannot afford a full-blown e-discovery or compliance department, a straightforward written policy that states “no business on personal email” can go a long way. If a personal account must be used in a true emergency, require a prompt forward of all correspondence to a company-managed account.
2. Implement Litigation Holds Immediately. Once you anticipate a dispute or receive a demand letter, you must suspend routine deletion of all relevant data—whether it’s on personal or company devices. Inform executives that the legal hold covers personal email accounts, and ensure they turn off auto-delete features.
3. Enforce Document Retention Policies. If you discover employees or executives using personal emails for significant company matters, step in quickly. Good-faith enforcement is key—failure to follow your own policy undermines credibility if spoliation allegations arise. Smaller businesses may not have dedicated e-discovery teams. Nonetheless, they can still implement basic backups or invest in user-friendly archiving tools. Saving relevant files to an external hard drive or secure cloud storage can be the difference between a winning case and crippling sanctions.

How to Further Mitigate Spoliation Risks?

1. Use Audit Trails and Access Controls. Even smaller businesses can benefit from basic access logs and tracking. These logs document who has opened, edited, or deleted files, and demonstrate to courts that you have taken preservation seriously. More robust businesses should invest in automated systems that log and track access, modifications, and deletions of critical files.
2. Train Executives on Data Retention Risks. Don’t assume your C-Suite or Board automatically knows the difference between routine versus prohibited deletion. Mandate short, practical training sessions, especially if a potential lawsuit surfaces.
3. When resources permit, involve Legal, IT, Compliance, and HR in a shared oversight group. Smaller companies should designate at least one “go-to” person to coordinate oversight. The goal is to ensure everyone follows consistent data-retention and deletion policies.

Caution is Key

Spoliation is not just a legal technicality—it can define the outcome of high-stakes litigation. Sandberg’s saga illustrates that even powerful figures at household-name companies are not immune from serious legal consequences when they delete relevant data.

Whether your organization is a multinational corporation, a family office, or a non-profit, approach email use and data retention with the same level of care you use for your core business decisions. A small, routine deletion may seem harmless—until it spurs a costly legal presumption that you were hiding incriminating information. By implementing sensible policies, enforcing them consistently, and reacting swiftly if litigation looms, companies and executives can steer clear of the spoliation trap.

Shields Legal Group regularly advises companies—large, small, and family-owned—on navigating the thorny world of e-discovery, spoliation risks, and litigation holds. We can help tailor a practical strategy that fits your budget and legal needs.

---

[1] In Re Facebook Inc. Derivative Litigation, C.A. No. 2018-0307-JTL (Del. Ch. Jan. 21, 2025) (Mem. Op).

[2] Notably, the motion for sanctions was denied against Zients. Id., at 34.

[3] Id., at 26. Zients was found to have improperly used an auto delete function for his emails, but without the intent required to for a spoliation finding.