What You Should Know About Electronic Document Retention
Because of the exponential growth of usage of electronic devices, the ever-decreasing cost of storage media, and the expanding use of email, businesses have experienced, and continue to experience, an explosion of electronic documents and data. Added to the paper documents generated by the business, this information can become an impediment to efficient business operations, a potential time bomb in the event of litigation, and a business continuity disaster if lost. Not to mention that information needs to be purged from time to time. However, purging should not be done if the threat of litigation appears imminent, Arthur Andersen executives were criminally penalized and the company was fined and prohibited from auditing public companies because he instructed Enron executives to strictly follow the document retention policy even though the threat of litigation was possible.
According to recent surveys, a large percentage of U.S. corporations do not have an established protocol for protecting their trade secrets and most have not prepared for the use of digital information in litigation. Given the time and costs involved in implementing these policies, it is believed that small businesses have done nothing.
So what is a business to do? Every business entity should develop and implement a well-designed and consistently enforced Document Creation, Retention, and Destruction Policy.
What should the policy do? First, the policy should set forth business-wide guidelines for creating, storing, using, retaining, and purging documents created by company employees or with company office equipment. Second, the policy should identify the specific devices on which business documents are to be created and what documents are to be created and how they are stored and moved amongst various devices and eventually disposition of the documents. Finally, the policy should provide rules for retaining documents and action to be taken upon the occurrence of specific events.
Why have a policy? Recent events, including alleged corporate malfeasance and the willingness of courts to impose sanctions for failure to produce documents in litigation, including recently adopted rules requiring electronic discovery under the Federal Rules of Civil Procedure, and some of the states, have made a valid, consistently enforced policy a necessity for every business.
By establishing rules for storage, records can be more easily backed-up, located, and produced as needed. The less time spent looking for records, the more efficient the business operations. The better documents are organized and the more frequently records are backed-up, the more likely a business can continue in the event of a catastrophe. And, in the event of litigation, the more easily documents can be located and produced, the more efficiently the litigation can be resolved.
Developing the Electronic Document Retention Policy. For established business, this will not be an overnight process. Weeks, months, or years of operations will have created an enormous amount of data. It needs to be located, categorized, and appropriate action needs to be assigned. Designing and implementing a policy involves a number of steps and will involve a commitment of time and money. All of which will have been well-spent if the policy is properly developed. The following seven-step process can help:
Step 1: Assess the amount and extent of data.
Step 2: Outline what will go into the Policy.
Step 3: Gather all research and formalize guidelines.
Step 4: Implement the Policy.
Step 5: Distribute to employees and train employees.
Step 6: Enforce the Policy.
Step 7: Periodically conduct an audit.
Who can implement the Policy? While employees, IT professionals, and attorneys can develop and carry out the Policy, engaging a knowledgeable consultant can smooth the process by coordinating all parties involved, overseeing the necessary tasks, keeping the process on schedule, and giving unbiased advice.
Why now? As mentioned previously, in response to various surveys, attorneys consistently indicated that their clients had no established protocol for handing electronic discovery requests. Amazingly, those attorneys said they expected electronic discovery in litigation to increase 'dramatically' in coming years.
Thus, everyday that goes by produces more and more data. Unless a business has policies to organize and deal with it, the more difficult the process will be at a later date.
Practical Considerations for Electronic Document Retention
- Keep document retention policies simple.
- Do not let people with laptops become amateur transcribers. Ensure employees only use their company issued computers for work-related documents.
- Be careful of all informal notes.
- Limit notes and board minutes to agreed upon actions items.
- Do not engage in debates via email.
- Never email sensitive material.
- Monitor what people say via email, instant messaging, and blogging.
- Considering banning instant messaging and blogging.
- Be careful of mobile email and text messaging. PDAs, Blackberrys, and other smart phone devices now serve as another location of potentially sensitive information
- Be careful of attorney-client privilege, or lack of privilege, especially when working outside the US.
- Be sensitive when in-house legal counsel has dual roles of attorney and manager '“ and be aware of effect on privileged communications.
Tips for Avoiding Document Retention Disasters
- Practice competent pre-problem/pre-litigation planning develop and enforce a consistent policy.
- Know what is being stored, where it is stored, and how long the company must keep it. Although there is no minimum time for retention, businesses need to have an established period. There can be different periods for different categories. For example, most accounting/tax records should be kept for approximately four years for IRS audit purposes; employee leave and benefit records should be maintained for at least three years; and contract and warranty documents for a period exceeding the statute of limitations to bring or be subject to any legal action, etc.
- Be sure to include electronic data in the policy.
- Involve the company's technology department/consultants in decisions regarding the policy's parameters and methods for enforcement.
- Establish clear accountability for enforcement of the policy.
- Educate all of the company's computer users about the pitfalls of electronic communications.
- Teach employees how to manage their electronic data.
- If the policy states that certain unnecessary records will be purged at regular intervals 'whether electronic or paper' be sure the policy is consistently followed.
- Consider segregating business email and personal email by applying different retention standards.
- Consider prohibiting personal email using business accounts.
- Immediately reconsider and be prepared to suspend regular retention and destruction procedures when litigation or a legal document request is pending or imminent.
- Have a plan in place for quickly notifying all necessary staff when this action must be taken.
- Involve the technology department/consultants again when litigation or any form of document request is imminent.
- Periodically conduct an internal audit of the company's retention policy. It will be easier to argue the policy was reasonable if it is re-examined and any necessary adjustments are made on a regular basis.
REMEMBER: The purpose of the Policy is to manage the mass of information created and to maintain accurate and pertinent information. It is not to avoid the law.
Seven Deadly Email Thoughts (All of the following are false)
- Emails can be deleted.
- Emails get 'lost' among the millions being sent around the Internet.
- Emails go to the people you address them to.
- Comments made in email are not that powerful.
- You can send emails from work in a personal capacity.
- Private email messages are private.
- Your identity is protected through email communications.
Imaging of Paper Records and Off-site Access
Paper documents and records take up space and cannot be accessed remotely. Even if well organized, paper documents are not easily searchable. The benefits of turning paper records into electronic images may outweigh the costs. The benefits of imaging include:
- Reduced required storage space.
- Efficient access and retrieval.
- Easily transported to meetings and court.
- Storage at multiple locations thus preserving data in the event of a catastrophic event at a single location.
- Ability to store on network server which can be accessed remotely.
- Ability to transmit easily and instantaneously to clients and attorneys.
- Frees up space and personnel time needed to access and retrieve.
Old Equipment Are You Giving Away Secrets?
A 2004 Study was conducted by O & O Software in which 200 hard drives were bought on eBay. The average size of the drive was 16GB. Of the 200 drives, 158 worked, 113 had recoverable data (~71.5% of working drives), and the recovered data included 40,000 Word documents, 15,000 Excel spreadsheets, and 50 complete email boxes with all traffic.
Disposal of old computer equipment and storage media needs as much attention as paper documents for protection of trade secrets and confidential information.
Backup, Security & Viruses
Backup can be automated through software but it is not enough. Install firewalls and anti-virus programs, keep definitions current, and adopt and enforce policies regarding email and online activities.
Electronic Records contain metadata which lies beneath the face of the document. It usually contains the history of the document's creation and amendment. It will note the author and machine on which it was created. In emails, it contains all information concerning date of creation, transmittal, and all recipients '“ even the blind copies. Valuable information not evident in a paper document can be found in the metadata. This data can be damaging to the creator and is extremely useful to the discovering party.