electronic records retention: a pragmatic view or “ya’ gotta know when to hold ‘em, and know...

Electronic Records Electronic Records Retention:Retention:

A Pragmatic ViewA Pragmatic View Or Or

““Ya’ Gotta Ya’ Gotta Know When to Hold ‘em, Know When to Hold ‘em,

and Know When to Fold ‘emand Know When to Fold ‘em””

©2008 – Learn Consulting

DisclaimerDisclaimer

Learn Consulting Does Not Provide Legal Advice. If you are in Need of Legal Advice, Consult a Competent Attorney.

© 2008 – Learn Consulting

Goals of an ERR PolicyGoals of an ERR Policy

Meet Business Objectives and Requirements

Assure Statutory, Regulatory, and Judicial Compliance

Maintain Cost Effective Business Practices


Discovery BlackMail!Discovery BlackMail!

Avoid a Situation Where It Becomes Cheaper to Settle Litigation than to Comply with Requirements of Discovery!


Known When to Hold 'Em Known When to Hold 'Em

Last May, Wall Street was stunned when a jury ordered white-shoe firm Morgan Stanley to pay financier Ron Perelman $1.58 billion for the bank's role in a botched deal. Almost as stunning as the award: the high-profile case turned on Morgan Stanley's failure to turn over requested electronic documents.


(Source: CFO Magazine)

Known When to Hold 'Em Known When to Hold 'Em

The average U.S. corporation is currently contending with 37 lawsuits — and, increasingly, litigants are demanding to see defendants' digital documents.


(Source: CFO Magazine)

Known When to Hold 'EmKnown When to Hold 'Em

Only 57 percent of U.S. businesses have records-retention policies.

Many businesses craft retention policies that cover memos, Word files, and the like, but not E-mail, instant messages, or other "unstructured" data.

The convergence of mobile phones with computers will cause even more problems.


(Source: CFO Magazine

You Don’t Have to Manage You Don’t Have to Manage What You Never Created!What You Never Created!

If There Isn’t a Reasonable Business Need to Create an ER, Don’t Create It!



Implement and Enforce Appropriate E-Mail, IM, Text Message, etc., Policies and Procedures that Discourage the Creation of Superfluous ERs that are Potentially Dangerous, Costly to Manage and Store, and Totally Unnecessary!



Discourage, Control and/or Prohibit Personal Use of Corporate Electronic Messaging Technologies!

Manage and Control Use of Outside E-Mail Accounts by Employees.

Axiom: E-Mail Lives Forever!!– It is Very Difficult, If Not Impossible, to Determine

Where the E-Mail May Have been Forwarded and/or Stored!


Disaster RecoveryDisaster RecoveryERR Must Be Credibly

Included in Disaster Recovery Strategies, Plans, Processes and Policy.

A Judge May Be Less Than Understanding About a Hard Drive Crash or Virus Attack!


What About Encryption?What About Encryption?

Make Sure Your Policy Addresses the Ability to Recover Archived Records That Are Encrypted!!


What About Encryption?What About Encryption?

Make Sure You Have the Keys to Encrypted Records!!

Maintain an Encryption Policy!


Business ImperativesBusiness ImperativesProcess and consistency will be key

when retaining electronic records. In order for the enterprise to verify the

authenticity and origin of an electronic record, it must have in place a system to capture and catalog identifying metadata.

Enterprises will need to factor into any electronic records retention policy any outsourcing agreements in which they participate.


(Source: RFG Research)

Bottom LineBottom LineIT executives should ensure that their e-records IT executives should ensure that their e-records retention policy is comprehensive, well documented, and retention policy is comprehensive, well documented, and covers issues such as outsourced arrangements and covers issues such as outsourced arrangements and non-business system use. IT executives should non-business system use. IT executives should investigate the effect of various business arrangements investigate the effect of various business arrangements and procedures in light of their formulation of this policy. and procedures in light of their formulation of this policy. Furthermore IT executives should validate that the Furthermore IT executives should validate that the procedures established as a result of the policy procedures established as a result of the policy effectively address all the tenets of the policy. This will effectively address all the tenets of the policy. This will help to ensure that the enterprise is not left exposed in help to ensure that the enterprise is not left exposed in times of investigation or litigation, should such a times of investigation or litigation, should such a scenario arise.scenario arise.


(Source: RFG Research)

Honest, Your Honor!Honest, Your Honor!

The Courts currently appear to allow significant discretion when it comes to ERR, Provided the Policy is:– Reasonable– Consistent, and– Rigorously Enforced


ReasonableReasonable

Policy Is Written, Widely Promulgated, and Reflects Adequate Training of Affected Personnel

Meets Statutory, Regulatory and Judicial Requirements (including Provisions for Placing Legal Holds on Documents)


ReasonableReasonable

Promotes Reasonable and Understandable Business Objectives and Requirements

Is Inclusive and Encompassing


ConsistentConsistent

Codified at the Highest Level of the Organization

No Exceptions (or Exceptions are Rigorously Handled within a Documented Process within the Policy)


ConsistentConsistent

Enduring; e.g., Not Implemented or Changed as the Result of (or in Temporal Proximity to) Anticipated or Actual Litigation

Specific and Organization-Wide


Rigorously EnforcedRigorously Enforced

Ultimate Responsibility and Authority for Implementation and Enforcement Is Vested in a Specific Individual (i.e., Not a Position, Organizational Unit, etc.)

There is a Clear Record of Compliance Over an Extended Period of Time


Assure You Can Read Assure You Can Read Archived DataArchived Data

Much of NASA’s Early Space Exploration Data Is Irrecoverable.

Must Also Archive Software Used To Recover Data.


(Source: Ohio Historical Society)

““Know When to Fold ‘em”Know When to Fold ‘em”

Kill Expired Records!! …and Kill them

Again! Make Certain They

Are Dead!! Wounded Records

Will Come Back to Haunt You!!


Questions/Discussion??Questions/Discussion??
