An Information Governance Policy, often called Records Retention, is a critical aspect of your business and you ignore it at your own peril. The intensity of the game ramped up with 2006 amendments to the Federal Rules of Civil Procedure (FRCP) governing Electronically Stored Information (ESI.) Without a good retention and media destruction policy, in a lawsuit, you could be forced to turn over all the bits, bytes, and pixels cluttering up the hard drives, CDs, outdated floppy disks, and flash drives owned by your company. Even the old cell phones in the bottom drawer of the filing cabinet may contain photos, contact lists, texts, and other information.
Elements of an Effective ESI Records Retention Policy
- The most important element is to create and implement the ESI portion of the retention plan before the lawsuit. If the plan is reasonable and being adhered to, the judge is less likely to impose sanctions for discovery violations.
- Designate an ESI officer to work with whoever is in charge of physical records. This person should be an IT professional who can quickly identify and implement a litigation hold to prevent routine or intentional destruction of ESI.
- Identify the types of records your company generates and how they are stored. This includes everything from email to financial records.
- Email can be the knock-out punch in legal discovery. Institute and enforce a company email policy. Remind all employees and managers that email, despite the disclaimer at the bottom of the message, is not confidential. If you aren’t willing to stand up in open court and say it, then don’t type it, don’t send it, don’t save to physical media and stick it in a “CYA” file.
- Set a reasonable routine and program for purging records and stick to it. Federal, state, and local regulations often have time requirements for keeping records (for example, seven years for tax records.) The records officer should sit down with the company’s financial and legal advisers develop a list of required record retention and times. Once a record is expired – get rid of it.
If it Exists, it Can End Up in Court
There is often nothing harder than convincing managers and employees to give up records. This can be devastating to the company in court. For example, a company’s records policy states that product order sheets will be kept for five years. The records retention officer boxes up all the expired invoices and spreadsheets and sends them to the shredder. The ESI officer wipes them off the company servers. However, a clerk has scanned them all to CD and keeps them in her drawer “just in case.” If the opposing side asks for “all data, in all storage forms, concerning sales for the last ten years,” those CDs must be turned over, even if the official records have been purged pursuant to policy. Failure to comply can result in hefty fines and penalties.
Does your company have a dusty storage room full of old computers left over from the last upgrade? The data on the hard drives is subject to inspection by the opposing party and their cadre of lawyers and forensic data technicians.
Creating a business climate that prohibits personal record hoards and encourages purging media, including obsolete computer hard drives, as well as outdated CDs, USB drives, cell phones, and floppy disks, protects the entire company in the event of a lawsuit. Once the lawyers and auditors have identified the records and retention time subject to the plan, the experienced data security technicians of Phiston can work with your ESI officer to identify what needs to be part of your records retention and purging procedure and the best data crushers for the job. Contact us for more information to discuss your ESI purging needs.