Companies have good reasons to preserve e-mail and other electronic records for a specific period. And also good reasons to destroy records at the end of that period. But preservation entails more than simply storing information on computers, disks and tapes—and destruction entails more than simply deleting old files.
Why You Need A Policy: A 1999 study found that 92 percent of companies store records in electronic form, but only 28 percent developed a policy for retaining electronic records. To understand why you need a comprehensive policy for preserving and destroying electronic records, let’s examine the increasingly central role that e-mail and other electronic evidence play in lawsuits and other disputes.
E-records and e-mail in particular have become smoking guns—especially in lawsuits. For example, an employee-plaintiff might use e-mail against the employer-defendant.
E-mail is a nearly instantaneous medium of communication in which users: (a) Write or include information that they wouldn’t dream of expressing in traditional business letters, (b) Tend to be less inhibited about making derogatory or disparaging comments and may tend to use profanity and vulgarity, (c) Often hit the “send” button without considering whether they revealed more information than they should, (d) Believe e-mail is private and secure as long as it doesn’t leave the company’s internal communications network, and (e) Assume the deleting e-mail removes it from the computer and renders it irretrievable, especially if deleted without ever being printed out.
These points are particularly dangerous when we recognize that information available electronically can be easily and quickly transmitted to many locations worldwide. New drive-imaging technology can recover deleted electronic files from, for example, computer hard drives, disks, servers, handheld devices, cell phones, voicemail and other media. Additionally, company policy may require system backups that regularly save and archive information.
Elements of A Good Policy: Few courts differentiate between paper and electronic records. Recent changes in the Federal Rules of Civil Procedure limit broad electronic discover requests, particularly relating to e-mail, and allow a court to weigh the benefits and burdens of proposed discovery. A court can assess all or part of the costs of computerized discovery against the requesting party. So you should develop a comprehensive preservation-and-destruction policy that includes electronic records. Plan your policy carefully and apply it consistently. Consider these elements in developing your policy:
1. Backup. Develop a team composed of your managers, information technology staff and attorney to decide how often—and on what storage media—to back up and store all the data on your workstations, mainframe and network—including all files on company servers. Many companies back up their systems daily.
2. Retention. Work with your attorney to determine how long to preserve records whether or not governed by statute. For instance, consider how long you might need to maintain records that may be required to defend a substantial claim brought against your company. Also consider retaining all necessary software and equipment required to retrieve those records.
3. Organization. Catalog your electronic backup data—you might want to index it by date, user or any other criteria—for easy retrieval if needed for business, legal or other purposes.
4. Destruction. At the end of the retention period for each kind of electronic record, destroy the data. Don’t just delete it. You must “wipe” all tapes, disks, and other electronic storage media (and “scrub” hard drives)—or else physically destroy them. You can buy off-the-shelf utilities that will wipe and scrub, such as Symantec’s WipeDisk and Cipher Logics’ SecureDelete. Some companies establish a maximum of 60 or 90 days for retaining e-mail messages on individual employee’s hard drives, unless related to ongoing projects. Some systems automatically purge e-records, e-calendars or similar information, so you must act to retain them.
5. Exceptions. Don’t destroy evidence that is subject to a discovery request in litigation or that you are required by a court, or the the rules of a court, to retain; otherwise you may be subject to serious sanctions or penalties. Consult your attorney before you destroy any information that may be relevant to a lawsuit, dispute or litigation (even if you are not a party to that suit). You may need that information to defend or prove a claim that might eventually involve you. Consider establishing a special process of suspending regular document maintenance and destruction practices when litigation occurs.
6. Encryption. Consider encrypting some types of e-records, particularly privileged information. If you encrypt any data, keep a record of the encryption program used, the decryption passwords and decryption software in case you later need to produce the data.
Enforce Your Policy. Give careful thought to your retention-and-destruction policy because of the long-term ramifications that could result if a court orders you to produce electronic records. Of course, you must communicate your policy to employees and regularly inform them of updates and changes. Designate an employee or department to monitor the retention and destruction of electronic records. And enforce your policy consistently and firmly.
Acknowledgement: By: Kahn, Kleinman, Yanowitz & Arnson Co., L.P.A. This article is reprinted with permission from the March/April issue of “Legal Alert” newsletter published by Kahn, Kleinman, Yanowitz & Arnson Co., L.P.A., 1301 East Ninth Street, Suite 2600, Cleveland, OH 44114-1824; (216) 696-3311. For back issues of this newsletter, or additional information about the law firm, visit: http://www.kahnkleinman.com.
ConstructionRisk.com Report, Vol. 4, No. 7 (Jul/Aug 2002)