With the changing legal landscape and increasing scrutiny over regulatory and compliance issues, response times for discovery requests and production of information have been dramatically reduced, creating new pressures on companies to install and enforce effective data retention policies.
A document retention policy provides for the systematic review, retention and destruction of documents received or created in the course of business. Document retention policies will identify documents that need to be maintained and contain guidelines for how long certain documents should be kept and how they should be destroyed. It would not be an exaggeration to state that many companies in this country do not have a defined and cohesive retention policy. During litigation, this can cause huge additional costs and expose a company to additional liability, all because documents were kept too long or deleted improperly.
Retention policies include many different types of data, not the least of which are emails and other electronic information (ESI). Electronic information is not just found on laptops and desktop computers; ESI includes instant messaging programs, websites, voicemail, cell phones, data recorders, PDA’s & Blackberry devices, flash drives, and the list continues to grow.
EVERY company should have a formal document retention policy, and this policy must be actively enforced. When an organization is aware of or reasonably expects the likelihood of pending legal matters, it is required to implement a “Litigation Hold” to retain any information or documents that the organization reasonably believes are discoverable in the anticipated litigation/investigation.
Outside of industry regulations and litigation hold requirements, a company only needs to keep electronic information for as long as is necessary for business purposes, but no longer than that. A well-developed retention policy can also serve as a tool to prepare for litigation, providing both in-house and outside counsel with a roadmap for finding information or documents in case of document requests.
Steps in Developing Retention Policy
1) Identify Information Assets
Identify types of information assets (esp. electronically stored information) the organization holds (i.e. email, client contracts, vendor service agreements, compliance documentation, product/service logs)
2) Legal/Regulatory/Compliance Issues
Identify any particular regulatory agencies or statutes that may govern the industry you are operating in
Identify any past/anticipated issues facing the organization from a litigation, regulatory, or compliance perspective
3) Establish Decision makers & Key Timelines
Identify key decision makers within the organization in IT, Legal, Human Resources, Records Management, Compliance, as well as C-Level executives and lay out appropriate time period for retention of organizational information or categories of organizational information
4) Prepare existing IT Infrastructure Roadmap
–Map existing IT architecture, including disaster recovery, storage infrastructure, and backup media/environments
–Prepare an organizational chart to identify key functional areas within the company/reporting relationships that may impact retention policies
–Identify any specific areas that need to be carved out from the general policy (i.e. financial records may need to be kept for 7 years, regardless of how the organization’s retention policy treats general data)
5) Implement, Monitor, & Review
–Implement new policy, monitor enforcement, and review policy periodically to ensure any new issues are addressed
A company’s retention policy is only as effective as its implementation
Retention policy must receive buy-in at the top management level and be enforced down through the organization
Retention policies should be easy to follow & should include periodic audits
Retention policies must also be renewed every few years, to allow for adjustments in company operations and changes in technology
Policies must recognize and address that different people store information in different ways
Hard drive
Network drive
Blackberry/PDA
Archived email folders
Retention policies should explicitly spell out how backup tapes are handled
If a company is to develop a functional retention policy, then it must know where all of its information and documents are kept and how that information is stored, including: names of custodians and types of servers and backup tapes used. eMag Solutions provides assistance in development of retention policies as part of its Electronic Discovery Preparedness Consulting and also offers its proprietary software as an effective tool in helping companies to organize and catalog their backup tapes. eMag can also help organizations define media policies and implement litigation holds. For more information, please contact us today.
Recent Comments