As an obsessive fan of baseball's Boston Red Sox, I am one of the last people to defend the New York Yankees' Alex Rodriguez. As an analyst of content management technology and practices, I can't help but think that the Major League Baseball players' union has some serious explaining to do to "A-Rod."

No, I'm not going to argue what penalty should be imposed for using performance-enhancing drugs – I'll leave that to sports talk radio. I'm also not going to get into the legalities of someone leaking medical information to a journalist – I'll leave that to the authorities. I will, however, argue that the alleged evidence that Alex Rodriguez tested positive for a drug test in 2003 should never have been able to be leaked in the first place.

In 2003, the Major League Baseball Players Association agreed to player testing in order for Major League Baseball to determine what percentage of players were using performance-enhancing drugs. The union made this agreement under the terms of complete anonymity; the names of those testing positive were never to be revealed. The Union assured its constituency that once the percentage of positive results was determined, the results would be permanently destroyed.

But, according to multiple Sports Illustrated sources, this list of players who tested positive does exist. It was never destroyed. We often hear of incidents where medical records are not properly destroyed and patients’ confidential information is somehow found – either in a dumpster or on a rogue laptop. It is a medical office's responsibility to its patients to emplace policies and procedures for the proper destruction of information. Similarly, it was the MLB Players union's responsibility to abide by their own promises and destroy the documents in a timely manner.

As readers of The ECM Suites Report and students of our E-Discovery Online Certificate Education Course know, the issue of proper destruction of information gets even more complicated when technology comes into play. It's too late for Alex Rodriguez to investigate his union's governance policies and procedures, but what about your enterprise? How can you be certain that you are responsibly destroying information about your customers/partners/employees? If you were involved in a legal action and a subsequent e-discovery effort, what would investigators find in your content management systems, databases, hard drives, and e-mails?

Does your enterprise have a clear policy in place for destroying information in compliance with proper regulations? Does your enterprise have a way of ensuring that these policies were followed correctly? Does your destruction policy include a certificate of destruction? Does it include an audit trail of everyone who viewed the information?

I would never wish this sort of legal imbroglio on anyone, but I'll take some comfort though that A-Rod will be spending at least some of his off-season thinking about records management when he should be thinking about how he's going to deal with Red Sox pitching...