How would you describe your electronic document retention policy? Are you prepared to defend it in court?
A recent Wall Street Journal CIO Report article highlighted the fact that executives charged with overseeing the systems which store electronic documents and correspondence may now find themselves more deeply involved with litigation involving document retention. If you have responsibility for information technology in your organization this is critically important to you personally and professionally.
First, in the event of litigation, executives may be called to testify about how data flows through their systems and how and when it is retained. In an environment featuring ongoing technological changes, this is no small feat.
Second, CIOs and others may be personally liable for issues relating to e-discovery and document retention. That should be very disconcerting if you’re not prepared to handle a litigation hold or deal with e-discovery requirements.
Electronic document retention is a serious problem. If you don’t have a comprehensive solution in place you may find yourself in a very uncomfortable and expensive situation.
What’s the Worst Case Scenario?
When companies are notified of pending lawsuits, they are obligated to save any relevant correspondence and other material that could be deemed related to the issue. IT, Compliance, and Legal departments all play a role in making this happen.
Taking a step back, where would you find yourself if the phone rings and counsel gives you notice of a legal hold on your corporate electronic document system:
1.We have a policy that is aligned with our regulatory obligations. Our policies and procedures accurately reflect the technology in place today. Users have all been trained and the system is fully automated.
2.We don’t have a policy. We don’t know what our obligations are and there’s no solution in place to support document retention or e-discovery.
3.We have a policy. The policy may not reflect our current IT infrastructure. User training is limited and our solution lacks automation so there may be gaps that allow important documents to fall through the cracks.
Which one of these is the worst case scenario? You may be inclined to choose option two, but that’s a mistake. Option three is much, much worse. Having a policy and not following it exposes you to a number of risks around spoliation of evidence. This can be extremely painful as your non-compliance with your own policy can be interpreted as intent to hide or destroy critical documents.
Electronic Document Retention is Complicated
Understanding the ins and outs of electronic document retention is tough. You’ve got a mix of ambiguous legal standards and regulatory controls that are being applied to complex technological solutions touching everyone in the organization. You likely have different requirements for different types of documents. The number of solutions available both for normal use and for retention / e-discovery is staggering. There is no off the shelf solution that will work for every organization.
Some organizations may be tempted to sidestep the issue either by letting end users decide what to keep or by simply keeping copies of everything. Neither of these is a good approach.
Letting end users decide can be hugely problematic. You’ll have some users who delete documents before retention periods are up. You’ll have other long term employees who keep every piece of correspondence, which incurs unnecessary costs for your organization. This isn’t a good plan because it introduces too many opportunities for mistakes to be made.
Simply saving everything forever isn’t a good option either. This is counterintuitive to many organizations because the cost of storage is always getting cheaper. The technical solutions for comprehensive retention are reasonable to implement in many cases. Storage is not where the costs lie though. Saving everything exposes your organization to unnecessary litigation risk by retaining documents beyond the required retention periods. Meanwhile although storage might be cheap, the discovery process is definitely not. Searching, sorting, and reviewing large volumes of unnecessary and irrelevant electronic documents can be hugely expensive when you’re being charged by the hour.
Where Do We Go From Here?
This isn’t a problem that will be solved exclusively by the IT department. While they have a role to play, they’re not subject matter experts on your obligations. In addition very few IT departments have experience with the solutions available today to automate retention.
At the same time, it’s rare to find legal and compliance experts who have deep knowledge of technology. They may understand the legal and regulatory frameworks around your retention obligations but when it comes to executing it on a daily basis that’s a different story entirely.
What you need is someone to facilitate a discussion around the issue that includes IT, legal, compliance, and other subject matter experts throughout your organization. Getting these groups to come together, produce an actionable policy, and implement a technical solution is critically important to reducing your exposure to litigation risk.
Want to start a conversation about electronic document retention and IT compliance concerns? Don’t wait. Send me an email at firstname.lastname@example.org.