I would refuse to cooperate with the third party auditor as well. No one gets to scan my hard drive without a court order. And even then, I wouldn't provide the decryption passphrase unless I was legally required to.
Even though there isn't anything illegal or incriminating on my hard drive (as far as I know, anyway), I wouldn't agree to let someone violate my privacy for a mistake they made.
Regardless, this whole thing would be "verification theater". OP could have copied the records out to a flash drive before deleting them from the hard drive, and hid it in his floorboards, and there'd be no record he did that. Third-party audit would say "yep, looks like the files have been deleted off the hard drive", and that would be that.
Also, "good faith"? The lawyer OP ended up talking to said that their behavior seemed to indicate they were moving in the direction of CFAA charges. While we can't know that for certain, that's quite the opposite of good faith.
And did you have to sign it? What would have happened if you hadn't? Why do you have to sign a legally enforceable document because some idiot messed up?
Not OP, but signing it probably made the mess immediately disappear. Even if there was no legal requirement, the stress and potential expenses are not worth it if the data was genuinely deleted.
Taking a moral stand has costs that not everyone can bear.
And besides it’s an affidavit not an NDA. It’s just a legal document claiming that what he said happened, did in fact happen. Not sure what the moral stand is here in not signing it?
I would have to be legally compelled as well. The city may trust their auditor with my private communications and access to my financial accounts, but I do not.
Even though there isn't anything illegal or incriminating on my hard drive (as far as I know, anyway), I wouldn't agree to let someone violate my privacy for a mistake they made.
Regardless, this whole thing would be "verification theater". OP could have copied the records out to a flash drive before deleting them from the hard drive, and hid it in his floorboards, and there'd be no record he did that. Third-party audit would say "yep, looks like the files have been deleted off the hard drive", and that would be that.
Also, "good faith"? The lawyer OP ended up talking to said that their behavior seemed to indicate they were moving in the direction of CFAA charges. While we can't know that for certain, that's quite the opposite of good faith.