Electronic Records Management: The Legal Problem That Lurks Behind the Scenes

You think your company has a good case. From what you can gather, the allegations that your company stole trade secrets from a rival are completely unfounded. But then you enter discovery. Your opposition requests a whole host of e-mails ' predictable these days. That's when you realize you have a problem.

Your company's paper documents are retained under a regular schedule ' then destroyed when the are no longer of use ' as a matter of policy, kept no longer than they had to be. But these days, your company produces so many electronic documents ' mostly e-mail communications ' and with that change in technology has come a change in responsibility. Instead of your corporate records manager, your computer people in IT are in charge of e-mail and other electronic documents. To them, it's data, not records. Therein lies the problem.

You quickly realize that with all the storage your IT department has added to accommodate the expanding volume of e-mails your company produces, it has had no systematic program for eliminating e-mails that are no longer needed. As a result, you learn that the amount of e-mails and related electronic documents that must be retrieved under discovery is staggering ' hundreds of thousands.

It soon becomes clear that, although the case should have been defendable, it is more financially sound for the company to begin negotiating a settlement. Sound far-fetched? These kind of scenarios are happening more and more with today's proliferation of e-mail and the corresponding lack of corporate electronic records retention policies.

In a survey of more than 2200 corporate records managers to be released this month, nearly half (47%) said that electronic records were not included in their companies' retention policies. About six in 10 companies surveyed (59%) did not have any formal policy for the retention of e-mail. The survey, conducted online in September 2003 by Cohasset Associates Inc., in conjunction with ARMA International (The Association for Information Management Professionals) and AIIM International, The Enterprise Content Management Association revealed other troubling statistics.

Among them was whether companies have formal policies to place holds on records once litigation is filed or if an investigation is clearly forthcoming. Given how document destruction led to the demise of Arthur Andersen, one would think this would have been addressed in corporate America. Not so.

Forty-six percent of companies surveyed had no system in place for the retention of records in the event of pending litigation or a regulatory investigation. Furthermore, 65% said their companies' hold order policy ' if they had one ' did not include electronic records. Considering that today an estimated 80% to 90% of business records are generated electronically, the potential risk is enormous.

Retention of those records is overwhelmingly being handled by companies' IT departments (71%). But two-thirds of the records managers surveyed (67%) said their tech colleagues didn't understand the concept of “life cycle management” of documents. This core principal of records management concludes that documents have a life ' and ultimately a death when their usefulness to the business and all regulatory requirements for retaining that document have passed.

Sixty-two percent of those surveyed said they were “not at all confident” (33%) or “slightly confident” (29%) that their companies could demonstrate that their electronic records were accurate, reliable and trustworthy if legally challenged. Keep in mind, these are companies employing a records management professional. One can only imagine how dismal the reality is for firms without a records manager.

Given these clear risks, corporate counsel should start asking questions about how electronic records are retained in their organization and what factors lead to their ultimate destruction. Some steps to consider include:

• Establish a working relationship with records management. Get to know the people in your records management department, who can assist your office by implementing policies and procedures to ensure ongoing legal and regulatory compliance throughout the organization. Besides making sure records are retained properly and for the required period, your records managers can protect individual privacy and corporate confidentiality by restricting access to certain records and ensuring that records destruction is conducted according to pre-determined rules and procedures.
• Provide a liaison. Assign an attorney to become the key point of contact for the records management department. This attorney would be more focused on records, approving records retention schedules and records destruction. This member of the legal counsel's office would communicate the need for legal holds to prevent destruction of records needed for litigation and provide general legal guidance.
• Promptly provide all record holds. Communicate legal holds for records when they are relevant to on-going litigation or may be subject to a pending investigation, and do so in a timely fashion. Your records managers can be the ones that keep your organization from making headlines about obstruction of justice or destruction of evidence, but only if they know what records need to be removed from their place in the regular schedule for record destruction.
• Make the case to senior management. Have your General Counsel educate senior management about the needs, issues and compliance efforts undertaken by your records management department. If your records management department is going to be your legal partner their importance needs to be clear to those at the top.
• Become IT knowledgeable. Electronic records record create new challenges and vulnerabilities for an organization. While your opponent's e-mail server can be a goldmine during litigation, you want to keep your electronic records system from providing the same nuggets to your opponent. Electronic records must be protected from unauthorized alteration so they can be trusted in litigation.
• Provide liaison to compliance officer. Much like your liaison with the Records Management department, provide a liaison with your compliance officer. It only makes sense that someone from the corporate counsel's office would be a part of making sure the organization is operating within the parameters established by laws and regulations.
• Train your records manager(s). If called on to testify, make sure your records manager is properly trained about Rule 30(b)(6) of the Federal Rules of Civil Procedures, which advises that a records manager must only testify to “matters known or reasonably available to the organization.”
• Help develop a digital preservation plan. If yours is one of the many organizations yet to address the need to include electronic records on a document retention schedule, be a part of the solution. Provide the legal input about the need to be able to produce records in a timely fashion for as long as they must be retained. It's not uncommon for retention requirements to be 10 to 15 years, while other records must be retained indefinitely or permanently.

Technology has changed the state of business records today. Those changes can someday have an incredible ' even devastating ' legal impact on your organization, if you let them. Corporate counsel who address these issues head on could end up being the unknown saviors to their organizations. Those who don't address these risks may someday face having to settle an otherwise defendable case, just to avoid extraordinarily high discovery costs. Or, worse yet, left unchecked, these records issues could leave your company exposed to become the next example of corporate scandal. The choice is yours.

Select Survey Findings

Do your records management policies and procedures address electronic records?

Yes ' 56%
No ' 40%
Don't know ' 4%

Does your organization have comprehensive records retention schedules which include electronic records?

Yes ' 53 percent
No ' 47 percent

Does your organization currently have a formal system for records hold orders setting aside for an indefinite period of time those records that are deemed relevant to an existing or pending legal or regulatory proceeding?
Yes ' 54%
No ' 46%

Does your system for records hold orders include electronic records?

Yes ' 35%
No ' 65%

To view the full survey, please visit www.merresource.com/whitepapers/survey.htm.

You think your company has a good case. From what you can gather, the allegations that your company stole trade secrets from a rival are completely unfounded. But then you enter discovery. Your opposition requests a whole host of e-mails ' predictable these days. That's when you realize you have a problem.

Your company's paper documents are retained under a regular schedule ' then destroyed when the are no longer of use ' as a matter of policy, kept no longer than they had to be. But these days, your company produces so many electronic documents ' mostly e-mail communications ' and with that change in technology has come a change in responsibility. Instead of your corporate records manager, your computer people in IT are in charge of e-mail and other electronic documents. To them, it's data, not records. Therein lies the problem.

You quickly realize that with all the storage your IT department has added to accommodate the expanding volume of e-mails your company produces, it has had no systematic program for eliminating e-mails that are no longer needed. As a result, you learn that the amount of e-mails and related electronic documents that must be retrieved under discovery is staggering ' hundreds of thousands.

It soon becomes clear that, although the case should have been defendable, it is more financially sound for the company to begin negotiating a settlement. Sound far-fetched? These kind of scenarios are happening more and more with today's proliferation of e-mail and the corresponding lack of corporate electronic records retention policies.

In a survey of more than 2200 corporate records managers to be released this month, nearly half (47%) said that electronic records were not included in their companies' retention policies. About six in 10 companies surveyed (59%) did not have any formal policy for the retention of e-mail. The survey, conducted online in September 2003 by Cohasset Associates Inc., in conjunction with ARMA International (The Association for Information Management Professionals) and AIIM International, The Enterprise Content Management Association revealed other troubling statistics.

Among them was whether companies have formal policies to place holds on records once litigation is filed or if an investigation is clearly forthcoming. Given how document destruction led to the demise of Arthur Andersen, one would think this would have been addressed in corporate America. Not so.

Forty-six percent of companies surveyed had no system in place for the retention of records in the event of pending litigation or a regulatory investigation. Furthermore, 65% said their companies' hold order policy ' if they had one ' did not include electronic records. Considering that today an estimated 80% to 90% of business records are generated electronically, the potential risk is enormous.

Retention of those records is overwhelmingly being handled by companies' IT departments (71%). But two-thirds of the records managers surveyed (67%) said their tech colleagues didn't understand the concept of “life cycle management” of documents. This core principal of records management concludes that documents have a life ' and ultimately a death when their usefulness to the business and all regulatory requirements for retaining that document have passed.

Sixty-two percent of those surveyed said they were “not at all confident” (33%) or “slightly confident” (29%) that their companies could demonstrate that their electronic records were accurate, reliable and trustworthy if legally challenged. Keep in mind, these are companies employing a records management professional. One can only imagine how dismal the reality is for firms without a records manager.

Given these clear risks, corporate counsel should start asking questions about how electronic records are retained in their organization and what factors lead to their ultimate destruction. Some steps to consider include:

• Establish a working relationship with records management. Get to know the people in your records management department, who can assist your office by implementing policies and procedures to ensure ongoing legal and regulatory compliance throughout the organization. Besides making sure records are retained properly and for the required period, your records managers can protect individual privacy and corporate confidentiality by restricting access to certain records and ensuring that records destruction is conducted according to pre-determined rules and procedures.
• Provide a liaison. Assign an attorney to become the key point of contact for the records management department. This attorney would be more focused on records, approving records retention schedules and records destruction. This member of the legal counsel's office would communicate the need for legal holds to prevent destruction of records needed for litigation and provide general legal guidance.
• Promptly provide all record holds. Communicate legal holds for records when they are relevant to on-going litigation or may be subject to a pending investigation, and do so in a timely fashion. Your records managers can be the ones that keep your organization from making headlines about obstruction of justice or destruction of evidence, but only if they know what records need to be removed from their place in the regular schedule for record destruction.
• Make the case to senior management. Have your General Counsel educate senior management about the needs, issues and compliance efforts undertaken by your records management department. If your records management department is going to be your legal partner their importance needs to be clear to those at the top.
• Become IT knowledgeable. Electronic records record create new challenges and vulnerabilities for an organization. While your opponent's e-mail server can be a goldmine during litigation, you want to keep your electronic records system from providing the same nuggets to your opponent. Electronic records must be protected from unauthorized alteration so they can be trusted in litigation.
• Provide liaison to compliance officer. Much like your liaison with the Records Management department, provide a liaison with your compliance officer. It only makes sense that someone from the corporate counsel's office would be a part of making sure the organization is operating within the parameters established by laws and regulations.
• Train your records manager(s). If called on to testify, make sure your records manager is properly trained about Rule 30(b)(6) of the Federal Rules of Civil Procedures, which advises that a records manager must only testify to “matters known or reasonably available to the organization.”
• Help develop a digital preservation plan. If yours is one of the many organizations yet to address the need to include electronic records on a document retention schedule, be a part of the solution. Provide the legal input about the need to be able to produce records in a timely fashion for as long as they must be retained. It's not uncommon for retention requirements to be 10 to 15 years, while other records must be retained indefinitely or permanently.

Technology has changed the state of business records today. Those changes can someday have an incredible ' even devastating ' legal impact on your organization, if you let them. Corporate counsel who address these issues head on could end up being the unknown saviors to their organizations. Those who don't address these risks may someday face having to settle an otherwise defendable case, just to avoid extraordinarily high discovery costs. Or, worse yet, left unchecked, these records issues could leave your company exposed to become the next example of corporate scandal. The choice is yours.

Select Survey Findings

Do your records management policies and procedures address electronic records?

Yes ' 56%
No ' 40%
Don't know ' 4%

Does your organization have comprehensive records retention schedules which include electronic records?

Yes ' 53 percent
No ' 47 percent

Does your organization currently have a formal system for records hold orders setting aside for an indefinite period of time those records that are deemed relevant to an existing or pending legal or regulatory proceeding?
Yes ' 54%
No ' 46%

Does your system for records hold orders include electronic records?

Yes ' 35%
No ' 65%

To view the full survey, please visit www.merresource.com/whitepapers/survey.htm.