Records retention policy
The issue of records retention is one that has concerned us for quite some time. We would suggest you re-read our initial article (December 1998) on records retention policies, and integrate that information with this new update on Electronically Stored Information, or ESI as it is called.
Note upfront that we are not lawyers, and that what we are presenting here is not legal advice. Rather, these are some issues and suggestions that you should take to counsel for discussion.
In many cases it appears to us that ESI is discoverable. Failure to preserve ESI according to a written policy might allow judges and juries to draw the conclusion that the business had something to hide. You might be tainted with guilt and non-compliance for not having something they assume you should have. Crazy as it seems, by failing to have a written records retention policy that deals with ESI, you are then presumed to have whatever the other side alleges you should have. When you can’t find the records they ask for, you may end up in a battle to show how their allegations of malfeasance or misfeasance are unfounded. In theory it sounds bad. In practice it is worse!
Here are some suggestions on what you should discuss with counsel.
A. Identification of all of those things you have floating around that may have ESI implications. Sure, we know about computers. But do not forget PDAs, cell phone records (including calls dialed, received, text messages, and photos), digital images and sounds on cameras computer CDs and DVDs, video recorders, offsite records backup, Web-based e-mail, flash drives, programmable calculators…. Now, this may be a daunting list for the average service business; however, if you are a technical business with lab and field equipment, you have to deal with all of the ESI that may be contained within your equipment.
B. Once you have catalogued where all of your ESI may be resident, choices need to be made. You need to discuss what stays and what goes and why. There are all sorts of rules and regulations about how long to keep things depending upon what they might be and to what they may relate. Your counsel should have concrete ideas about the law on those areas that apply to you. Don’t guess. Your written policy should carry these statutory requirements, plus establishing a policy for retention or destruction of data for which there is no statutory retention requirement. We recommend a policy of getting rid of as much as possible as soon as possible within the provisions of statute, accompanied by the actual practice of getting rid of data as specified by this policy.
C. All electronic devices require maintenance so they function at an optimal level. Maintenance often means shuffling data, archiving old data, and erasing cashes of data and unused material. We all know that much erased data may remain resident on our machines. Is that erased data now part of a discoverable records? We believe so, but you should verify this with counsel for your specific circumstances. So your records retention policy may additionally need to address the consequences of t of maintenance on devices containing records.
D. Getting it right can only be verified by testing. Our suggestion is to put together a team to test your system, with the team consisting minimally of an attorney and a technical person. The attorney can read over the policy, and the technical person can make sure the technical stuff works.