Document retention policy can get your arms around e-discovery

07 Jul Document retention policy can get your arms around e-discovery

Editor’s note: This is Part III of a four-part series on e-discovery written by attorneys from the law firm Michael Best & Friedrich.

As information that a business receives, creates and utilizes expands over time, so does the risk of loss of that information or control over it. Besides the practical realities of running a business with ever expanding information organizational needs, the ability to access information when faced with litigation is crucial for a business’ ultimate success in court.
Recent WTN articles focused on changes to the Federal Rules of Civil Procedure governing discovery of electronically stored information (“ESI”) in cases litigated in federal court. These rules not only focus on the text of the documents, but also on the information behind the documents, and the various systems where this information resides. Courts may impose sanctions for lost or destroyed information.
A safe harbor from sanctions exists in certain circumstances for destroyed or lost information in certain circumstances. Systems need to be identified in advance and procedures put in place pursuant to a document/information retention policy in order to reduce the chance that relevant information is lost, altered, or destroyed, and to reduce the risk of sanctions if, in fact, destruction of information occurs.
The benefits of a written document retention policy and formalized review process are many and obvious and can be summarized as follows.
• Regulatory compliance often requires critical data be kept for a statutory minimum amount of time. Ad hoc policing will increase the risk of failing to meet certain regulatory requirements governing retention of information.
• Business efficiencies should be realized when the company knows what data it keeps and where it is kept. Ad hoc, employee-driven retention of documents can lead to over retention and under retention of documents, making it difficult, if not impossible, to track documents and information.
• The risk of sanctions from a court can be reduced where potentially relevant information is inadvertently lost or destroyed if a document and information retention policy is in place.
• Given that more and more information is maintained electronically, the ability of your company to present its best case for trial may depend on locating its best evidence in electronic form.
For the record
What follows is a suggested method to assist in organizing and developing a retention policy for your business.
1. Identify and “memorialize” all categories and sources of documents and information.
2. Understand where the information is located within the organization. Often this will result in creating a map of your business storage assets (i.e. warehousing files and hardware for ESI) detailing where ESI and where hard copy documented information is kept.
3. Establish retention periods for the information. In this regard, identify all legally mandated document retention periods (an alphabet soup of laws exist – ERISA, OSHA, HIPPA, FMLA – have mandated retention periods). Where there is no legally mandated retention period, establish additional retention periods based on the particular business needs of the company. There are varied sources of materials available to assist in making the decision as to the length of time to retain documents and the form and wording of the particular policy. See e.g. “Info Paks for Record Retention” published by the American Corporate Counsel Association in Washington, D.C.; “Records Retention for Enterprise Knowledge Management” published by BNA (2006).
4. Incorporate privacy and confidentiality controls over retained documents and information.
5. As e-mail is the most prevalent source of information in organizations, this category of documents deserves special attention by the company. Suffice to say, e-mail policies need to be developed to control usage and storage of this information. There are many qualified vendors who can provide the requisite expertise to manage and store e-mail if the business does not have this expertise internally.
6. Once created, approved, and disseminated by management, the document retention policy should be followed throughout the company consistently. Upper management should disseminate the policy to all employees so that employees recognize the need that the policy be followed.
7. Suspend destruction of documentation for potential litigation. One of the most important aspects of a document retention policy is the requirement that any document destruction cease once the company becomes aware of actual or potential litigation. What is needed to trigger the suspension is a “reasonable anticipation” of litigation. The process for suspending the destruction of documents is a separate matter discussed in Part IV of this series. Once litigation is foreseeably anticipated, the critical areas and key persons that possess potentially discoverable information must be identified and instructed to preserve relevant information. Any destruction of documents or information that is part of a routine company document retention policy must cease at that point.
8. Set up procedures to audit compliance with the policy.
As with other areas of your business, be proactive and not reactive in order to minimize the regulatory and financial risks.
Related articles
• Juan Ramirez: Finding “Safe Harbor” in a sea of electronic discovery
• Tim Hansen: Quick peeks, Clawback Agreements, and the rules of electronic discovery
• Fusion 2007: IT threats make risk management paramount
• Fusion 2007: In “e-legalities,” CIOs and lawyers combine to provide business value