The Trial Started April 27, 2026

Elon Musk sued Sam Altman and OpenAI for actions that go back to the humble, non-profit beginnings of OpenAI. The filings contain some interesting, flashy gossip on the surface. But beneath the flashy gossip is a serious lesson.

The trial that started this week in Oakland is a vivid illustration of what happens when sophisticated organizations keep everything. Exhibits range from merely embarrassing to damaging — Greg Brockman’s 2017 personal journal, Elon Musk’s 2016 email calling Jeff Bezos “a bit of a tool,” internal communications about how to “control the narrative” around an investigation. These are all in the case for one reason-- nobody disposed of them.

Let's be honest. Law firms keep more, for longer, with less discipline than the Musk v. Altman defendants. Call it the “Just In Case” Rule of document retention and data governance. If your firm subscribes to that, this article shows you why you should rethink that.

What The Discovery Has Actually Produced

Hundreds of unsealed filings in Musk v. Altman have pried open the internal information practices of OpenAI, Microsoft, Meta, and Tesla. The court’s January 15, 2026 summary judgment order (docket; SJ order, 1/15/26) quotes directly from a September 2017 Brockman journal entry:

“This is the only chance we have to get out from Elon. … Financially, what will take me to $1B?”

An unsealed February 3, 2025 text exchange shows Mark Zuckerberg telling Musk that Meta’s teams were,

“on alert to take down content doxxing or threatening the people on your team” working on DOGE."

Internal OpenAI communications from March 2024 show then-communications chief of OpenAI, Hannah Wong, describing efforts to “control the narrative” around the WilmerHale investigation summary.

None of these were created as corporate records. Yet they are now central exhibits — preserved, accessible, and produced because they were relevant under Federal Rule of Civil Procedure 26 and within the corporation’s possession, custody, or control under Rule 34, That is the lesson. Discovery turns on relevance and on whether the producing party had the legal right or practical ability to obtain the material. Courts apply that test functionally. In re NTL, Inc. Securities Litigation, 244 F.R.D. 179 (S.D.N.Y. 2007). Where the corporation does not have control, Rule 45 third-party subpoenas reach the rest.

No governance lever makes existing relevant material vanish once litigation is reasonably anticipated. There is one lever that genuinely reduces what exists to be discovered, and it operates entirely before any preservation duty attaches--defensible disposition under a written retention schedule. Yep, part of one of my favorite topics: Data Governance.

Why This Is A Law Firm Problem

The instinct in most firms is to keep everything. Closed matter files, drafts, internal memos, deposition prep, conflict-check workpapers, engagement letters, billing narratives, KM databases, marketing CRMs — and now AI-tool outputs. Copilot drafts, transcription archives, redline histories, intake-bot logs. The rationales for keeping all of it are familiar: malpractice tail risk, future citation, fee disputes, the possibility a former client will ask for something. None justifies indefinite retention. Most justify defined retention with documented disposition at the end of it.

Three reasons the law firm exposure is worse than the Musk v. Altman defendants’:

Volume and surface area. Firms hold work product, strategic thinking, candid attorney communications, and client confidences for hundreds or thousands of matters at once. Each matter is its own discovery and breach surface.

Confidentiality runs indefinitely. ABA Model Rule 1.6 applies to client information after the representation ends, with no expiration. Indefinite retention extends the duration of that confidentiality risk. Every additional year a closed file sits on a server is another year it can be breached or subpoenaed.

Breach risk is asymmetric. When a tech company is breached, its own information is exposed. When a law firm is breached, the privileged information of dozens or hundreds of unrelated clients is exposed simultaneously. The ABA’s 2024 Cybersecurity TechReport and the steady cadence of firm ransomware incidents (Mossack Fonseca, the 2023 Orrick breach affecting hundreds of thousands of clients, the 2024 Houser LLP incident) drive the point home.

What the Rules Actually Permit

Ostensibly law firms cling to the "Just in Case" Rule mainly in fear of spoliation. We can all agree, however, that routine, good-faith disposition under a written schedule, applied consistently before any duty to preserve attaches, is not spoliation. The 2015 amendments to Federal Rule of Civil Procedure 37(e) tightened the spoliation framework. Sanctions for lost ESI now require that the party failed to take reasonable steps to preserve, that the information cannot be restored or replaced, and — for the most severe sanctions — that the party “acted with the intent to deprive another party of the information’s use in the litigation.” Negligence and even gross negligence will not support an adverse inference. Applebaum v. Target Corp., 831 F.3d 740, 745 (6th Cir. 2016). Conformance in good faith to a valid retention policy, before any duty to preserve arises, does not itself demonstrate the requisite intent to obstruct or deprive. Arthur Andersen LLP v. United States, 544 U.S. 696 (2005).

The Sedona Conference Commentary on Legal Holds and Commentary on Information Governance treat consistent disposition under a written schedule as the foundation of defensible practice. That’s beautiful framing – the foundation of a defensible practice. The duty to preserve attaches when litigation is reasonably anticipated, and the schedule must be suspended at that point — but disposition that occurred before that point is protected. The professional rules are aligned, not in tension. I highly recommend reading the Sedona Commentary if you're hanging on to files "just in case."

ABA Formal Op. 471 (2015) addresses what lawyers owe clients on termination of representation, surveys the split between the entire-file and end-product approaches, and confirms that lawyers are not required to retain every file indefinitely. The Federal Civil Rules and the Professional Rules of Conduct all permit defensible disposition. The “just in case” instinct is a malpractice-aversion habit that can actually be turned against you if you let it supercede good data governance.

What a Defensible Schedule Looks Like — Pick Your Model

Most firms cannot realistically tag every document inside a matter file by sub-category and apply category-specific disposition. A schedule that requires that level of operational sophistication is one most firms will not actually follow. Two simpler models are defensible and implementable; pick the one that fits your needs and infrastructure.

Model 1 — Matter-level Disposition

The entire matter file is treated as a single bucket and disposed of on one schedule triggered by matter close, with a small number of carve-outs handled separately. This is the simpler model and works for solo, small-firm, and many mid-sized practices that do not have document-level tagging in their DMS.

Matter file (all working materials, drafts, correspondence, end-product, internal memos): Retain for the period set by the longest-required category that applies to the matter — typically seven to ten years from matter close for general civil and transactional work, longer for trusts and estates, longer where statute-of-repose or active malpractice exposure requires.

Trust account records (separate): Retain for the period your jurisdiction requires — five years under ABA Model Rule 1.15(a). Check your jurisdiction specifically.

Original client documents (separate): Wills, deeds, executed instruments, and other originals returned to the client at matter close. Get into the habit of returning originals promptly whenever possible. Otherwise, you must babysit them, which comes with a resource drag.

Email (separate, system-level): Three-year default retention on routine business email, with matter-relevant emails captured into the matter file at matter close.

Marketing and CRM (separate): Three years from last contact.

Model 2 — Two-tier Disposition

The matter file is split into two tiers, each with its own disposition schedule. This is the realistic outer limit of category-specific disposition for firms without sophisticated data governance infrastructure.

• End-product file (final pleadings, executed contracts, recorded instruments, opinion letters, closing binders): Retain for 7 - 10 years from matter close, or longer where the practice area requires; returned to the client at close where the entire-file approach applies.

• Working file (drafts, internal memos, attorney work product, correspondence, research, deposition prep, billing detail): Retain for 3 - 5 years from matter close, with carve-outs for matters under active or threatened malpractice claim, ongoing investigation, or open ethics issue.

• Trust account records (separate): As above — 5 years under Model Rule 1.15(a).

• Email (separate): Three-year default; matter-relevant communications migrated into the working file or end-product file based on substance. •

• Marketing, CRM, and AI-tool outputs (separate): As below.

Both models — the AI category AI-generated artifacts (copilot drafts, transcription archives, redline histories, intake-bot logs) are records subject to the same retention discipline as their human-authored equivalents, but live mostly outside the matter management system.

Maintain an inventory of AI tools in use, push vendor retention defaults into counsel’s hands (“indefinite” and “use for training” are the common defaults and both are unacceptable), and build AI accounts into legal-hold tooling.

Whichever model you pick, the schedule must be written, applied consistently, suspended on hold triggers, and audited. Selective enforcement — applied to associates but waived for the managing partner — is the signature failure mode.

When the Clock Starts

If agentic AI has taught me anything it’s that a schedule is only as good as its trigger. “Seven years from matter close” means nothing if “matter close” is undefined and as nebulous as morning fog. What that comes down to is pinning down in writing. Perhaps that sounds like an oversimplification, but here's why it's not. It shows a stable, consistent, measurable rule. You need that if you are going to defend a disposition decision years later.

1. Define "Matter Close" as a Specific Event. "Matter close" cannot be an instinct if it is to stand up to scrutiny. A workable definition combines final invoice issued and paid (or written off), closing letter sent to the client, file marked closed in the practice management system, and any retained originals returned. Always document the event with a date.

2. Trust Account Records run from termination of the representation, not matter close. ABA Model Rule 1.15(a) (many states have a similar rule) runs from termination. Usually the same date as matter close, but not always. Calendar these separately if needed.

3. Statutes of Limitation and Repose Run on Separate Clocks. A schedule that disposes of a matter file before the malpractice statute of repose has run is a problem. Build a practice-area lookup into the schedule and trigger disposition at the later of the schedule or the applicable repose period, whichever is longer. Once you close the matter, run both clocks in parallel: the schedule cadence (eg, seven years from matter close) and the repose period, which usually predates close (eg, five years from the act). You dispose of the file when the later of the two has run.

Best Practices

I love data governance, and if you have a hammer, well, everything is a nail. But objectively, a lot of this is just good ‘ole data governance and data hygiene.

1. Inventory what you retain and where it lives — including personal devices, AI tools, and vendor systems. You cannot govern what you cannot see.

2. Apply the schedule consistently across the firm, including to founders and named partners. Selective enforcement defeats the doctrine and raises your liability.

3. Suspend the schedule on legal hold and confirm holds reach AI accounts and personal devices. A schedule that doesn't pause for litigation is not a defensible schedule.

4. Implement a written communications policy that addresses the use of personal devices and ephemeral messaging, including for senior lawyers.

5. Review vendor retention and AI-training defaults before procurement. Indefinite retention and "use for training" defaults are common, but unacceptable. These are legal issues that shouldn't be left to the IT department.

6. Document disposition, holds, and policy updates. Undocumented practice is indefensible practice.

7. Calendar an annual review to address new tools, new practice areas, and new authorities. Boring advice, but it makes a big difference.

Bottom Line

Exponentially reduce the risk of that candid attorney communication by exercising good data governance. The work product, the strategic thinking, the candid attorney communications, and the client confidences sitting on your firm’s servers could turn out to be someone else’s exhibits in a future trial, or someone else’s data breach, someone else’s malpractice case, and someone else’s bar complaint. You’re keeping that file “just in case.” But really, it is unmanaged risk.

Records disposition is not the only factor at work in this case — channel discipline, privilege design, and platform governance also do real work — but it is the most concrete, the most actionable, and the most under-used.

Editorial note: this article is hardly dispositive or in-depth. Consider doing additional research.

Recommended Reading: Sedona Conference Commentary on Legal Holds, and Commentary on Information Governance

© 2026 Amy Swaner. All Rights Reserved.  May use with attribution and link to article.