Electronic Records Management: The Legal Problem That Lurks Behind the Scenes

You think your client's company has a good case.

From what you can gather, the allegations that your company, or one you represent, stole trade secrets from a rival are completely unfounded.

But then you enter discovery. Your opposition requests a whole host of e-mails ' predictable these days.

And that's when you realize you have a problem, because the company's paper documents are retained under a regular schedule ' then destroyed when the are no longer of use; as a matter of policy, they are kept no longer than they have to be.

But these days, e- and brick-and-mortar firms produce so many electronic documents ' mostly e-mail communications ' that a change in responsibility has followed. Instead of corporate-records managers handling it, computer people in IT are in charge of e-mail and other electronic documents. To them, it's data, not records.

See the difficulty?

Outside and in-house counsel quickly realize that with all the storage IT departments have added to accommodate the expanding volume of e-mails a company produces, some firms have no systematic program for eliminating no-longer needed e-mails. As a result, you learn that the amount of e-mails and related electronic documents that must be retrieved under discovery is staggering ' hundreds of thousands. It soon becomes clear that, although the case should have been defendable, it's more financially sound for the company to begin negotiating a settlement.

Sound far-fetched?

Not so far-fetched, it turns out.

These kind of scenarios are showing up more often with today's proliferation of e-mail and the corresponding lack of corporate electronic records-retention policies.

What The Stats Say

In a recent survey of more than 2,200 corporate-records managers, nearly half (47%) said that electronic records were not included in their companies' retention policies. About six in 10 companies surveyed (59%) had no formal e-mail retention policy. The survey, conducted online in September 2003 by Cohasset Associates Inc., in conjunction with ARMA International (The Association for Information Management Professionals) and AIIM International, The Enterprise Content Management Association, revealed other troubling statistics.

Among them was whether companies have formal policies to place holds on records once litigation is filed or if an investigation is clearly forthcoming. Given how document destruction led to the demise of Arthur Andersen, one would think this would have been addressed in corporate America.

Think again.

Forty-six percent of companies surveyed had no system in place for retention of records in the event of pending litigation or a regulatory investigation. Furthermore, 65% said their companies' hold-order policy ' if they had one ' didn't include electronic records. Considering that today an estimated 80% to 90% of business records are generated electronically, the potential risk is enormous.

Retention of those records is overwhelmingly being handled by companies' IT departments (71%). But two-thirds of the records managers surveyed (67%) said their tech colleagues didn't understand the concept of document “life cycle management.” This core principle of records management concludes that documents have a life ' and, ultimately, a death ' when their usefulness to the business and all regulatory requirements for retaining the documents have passed.

Sixty-two percent of those surveyed had problems with their establishments' e-records systems. For instance, 33% said they were “not at all confident” and 29% were “slightly confident” that their companies could demonstrate that their electronic records were accurate, reliable and trustworthy, if legally challenged. Keep in mind that these are companies employing a records-management professional; one can only imagine how dismal the reality is for firms without a records manager.

[See selected survey results below.]

The Best Defense …

Given these clear risks, corporate counsel and outside legal advisers should start asking questions about how electronic records are retained in their organization and what factors lead to their destruction.

Some steps to consider follow.

• Establish a working relationship with records management. Executives and others who might be involved in discovery and aspects of litigation should get to know the people in their records-management department who can assist in implementing policies and procedures to ensure ongoing legal and regulatory compliance across the organization. Besides making sure records are retained properly and for the required period, records managers can protect individual privacy and corporate confidentiality by restricting access to certain records and ensuring that records destruction is conducted according to predetermined rules and procedures.
• Provide a liaison. Assign an attorney to become the key point of contact for the records-management department. This attorney would be more focused on records, approving records-retention schedules and records destruction. He or she ' a member of the legal counsel's office ' would communicate the need for legal holds to prevent destruction of records needed for litigation and provide general legal guidance.
• Promptly provide all record holds. Communicate legal holds for records when they are relevant to on-going litigation or may be subject to a pending investigation, and do so in a timely fashion. Records managers can be the ones who keep an organization from making headlines about obstruction of justice or destruction of evidence, but only if they know what records need to be removed from their place in the regular schedule for destruction.
• Make the case to senior management. Have general counsel educate senior management about a records-management department's needs, issues and compliance efforts. If a records-management department is going to be a legal partner, then that department's importance must be clear to those at the top.
• Become IT knowledgeable. Electronic records create new challenges and vulnerabilities for an organization. While an opponent's e-mail server can be a gold mine during litigation, you want to keep your client's electronic-records system from providing the same nuggets to the opponent. e-Records must be protected from unauthorized alteration so that they can be reliable litigation tools.
• Provide liaison with compliance officer. Much like a liaison with the records-management department, a liaison with the company's compliance officer should be provided. It only makes sense that someone from the corporate-counsel's office would be a part of making sure the organization is operating within the parameters established by laws and regulations.
• Train the records manager(s). If he or she is called to testify, make sure that the records manager is properly trained about Rule 30(b)(6) of the Federal Rules of Civil Procedure, which advises that a records manager must testify only to “matters known or reasonably available to the organization.”
• Help to develop a digital preservation plan. If the organization that you represent is one of the many organizations yet to address the need to include electronic records on a document-retention schedule, then step in and be a part of the solution ' now. Suggest a schedule, and provide the legal input about the need to be able to produce records in a timely fashion for as long as they must be retained. It's not uncommon for retention requirements to be 10 to 15 years, while other records must be retained indefinitely or permanently.

A Fast-Changing World

Technology has changed the state of business records, and expectations all around when those records might be used in litigation. Those changes can some day have a devastating legal impact on an organization, if that devastation is allowed to occur. Corporate and other counsel who address these issues head on could end up being the unknown saviors to their organizations. Those who don't address these risks might some day have to settle an otherwise defendable case, just to avoid extraordinarily high discovery costs. Or, worse, left unchecked, these records issues could leave your company exposed to become the next example of corporate scandal.

It's your choice.  

Do your records-management policies and procedures address electronic records?

Yes – 56%
No – 40%
Don't know – 4%

Does your organization have comprehensive records-retention schedules that include electronic records?

Yes – 53%
No – 47%

Does your organization have a formal system for record hold orders setting aside for an indefinite period of time those records that are deemed relevant to an existing or pending legal or regulatory proceeding?

Yes – 54%
No – 46%

Does your system for record hold orders include electronic records?

Yes – 35%
No – 65%

To view the full survey, please visit www.merresource.com/whitepapers/survey.htm.

You think your client's company has a good case.

From what you can gather, the allegations that your company, or one you represent, stole trade secrets from a rival are completely unfounded.

But then you enter discovery. Your opposition requests a whole host of e-mails ' predictable these days.

And that's when you realize you have a problem, because the company's paper documents are retained under a regular schedule ' then destroyed when the are no longer of use; as a matter of policy, they are kept no longer than they have to be.

But these days, e- and brick-and-mortar firms produce so many electronic documents ' mostly e-mail communications ' that a change in responsibility has followed. Instead of corporate-records managers handling it, computer people in IT are in charge of e-mail and other electronic documents. To them, it's data, not records.

See the difficulty?

Outside and in-house counsel quickly realize that with all the storage IT departments have added to accommodate the expanding volume of e-mails a company produces, some firms have no systematic program for eliminating no-longer needed e-mails. As a result, you learn that the amount of e-mails and related electronic documents that must be retrieved under discovery is staggering ' hundreds of thousands. It soon becomes clear that, although the case should have been defendable, it's more financially sound for the company to begin negotiating a settlement.

Sound far-fetched?

Not so far-fetched, it turns out.

These kind of scenarios are showing up more often with today's proliferation of e-mail and the corresponding lack of corporate electronic records-retention policies.

What The Stats Say

In a recent survey of more than 2,200 corporate-records managers, nearly half (47%) said that electronic records were not included in their companies' retention policies. About six in 10 companies surveyed (59%) had no formal e-mail retention policy. The survey, conducted online in September 2003 by Cohasset Associates Inc., in conjunction with ARMA International (The Association for Information Management Professionals) and AIIM International, The Enterprise Content Management Association, revealed other troubling statistics.

Among them was whether companies have formal policies to place holds on records once litigation is filed or if an investigation is clearly forthcoming. Given how document destruction led to the demise of Arthur Andersen, one would think this would have been addressed in corporate America.

Think again.

Forty-six percent of companies surveyed had no system in place for retention of records in the event of pending litigation or a regulatory investigation. Furthermore, 65% said their companies' hold-order policy ' if they had one ' didn't include electronic records. Considering that today an estimated 80% to 90% of business records are generated electronically, the potential risk is enormous.

Retention of those records is overwhelmingly being handled by companies' IT departments (71%). But two-thirds of the records managers surveyed (67%) said their tech colleagues didn't understand the concept of document “life cycle management.” This core principle of records management concludes that documents have a life ' and, ultimately, a death ' when their usefulness to the business and all regulatory requirements for retaining the documents have passed.

Sixty-two percent of those surveyed had problems with their establishments' e-records systems. For instance, 33% said they were “not at all confident” and 29% were “slightly confident” that their companies could demonstrate that their electronic records were accurate, reliable and trustworthy, if legally challenged. Keep in mind that these are companies employing a records-management professional; one can only imagine how dismal the reality is for firms without a records manager.

[See selected survey results below.]

The Best Defense …

Given these clear risks, corporate counsel and outside legal advisers should start asking questions about how electronic records are retained in their organization and what factors lead to their destruction.

Some steps to consider follow.

• Establish a working relationship with records management. Executives and others who might be involved in discovery and aspects of litigation should get to know the people in their records-management department who can assist in implementing policies and procedures to ensure ongoing legal and regulatory compliance across the organization. Besides making sure records are retained properly and for the required period, records managers can protect individual privacy and corporate confidentiality by restricting access to certain records and ensuring that records destruction is conducted according to predetermined rules and procedures.
• Provide a liaison. Assign an attorney to become the key point of contact for the records-management department. This attorney would be more focused on records, approving records-retention schedules and records destruction. He or she ' a member of the legal counsel's office ' would communicate the need for legal holds to prevent destruction of records needed for litigation and provide general legal guidance.
• Promptly provide all record holds. Communicate legal holds for records when they are relevant to on-going litigation or may be subject to a pending investigation, and do so in a timely fashion. Records managers can be the ones who keep an organization from making headlines about obstruction of justice or destruction of evidence, but only if they know what records need to be removed from their place in the regular schedule for destruction.
• Make the case to senior management. Have general counsel educate senior management about a records-management department's needs, issues and compliance efforts. If a records-management department is going to be a legal partner, then that department's importance must be clear to those at the top.
• Become IT knowledgeable. Electronic records create new challenges and vulnerabilities for an organization. While an opponent's e-mail server can be a gold mine during litigation, you want to keep your client's electronic-records system from providing the same nuggets to the opponent. e-Records must be protected from unauthorized alteration so that they can be reliable litigation tools.
• Provide liaison with compliance officer. Much like a liaison with the records-management department, a liaison with the company's compliance officer should be provided. It only makes sense that someone from the corporate-counsel's office would be a part of making sure the organization is operating within the parameters established by laws and regulations.
• Train the records manager(s). If he or she is called to testify, make sure that the records manager is properly trained about Rule 30(b)(6) of the Federal Rules of Civil Procedure, which advises that a records manager must testify only to “matters known or reasonably available to the organization.”
• Help to develop a digital preservation plan. If the organization that you represent is one of the many organizations yet to address the need to include electronic records on a document-retention schedule, then step in and be a part of the solution ' now. Suggest a schedule, and provide the legal input about the need to be able to produce records in a timely fashion for as long as they must be retained. It's not uncommon for retention requirements to be 10 to 15 years, while other records must be retained indefinitely or permanently.

A Fast-Changing World

Technology has changed the state of business records, and expectations all around when those records might be used in litigation. Those changes can some day have a devastating legal impact on an organization, if that devastation is allowed to occur. Corporate and other counsel who address these issues head on could end up being the unknown saviors to their organizations. Those who don't address these risks might some day have to settle an otherwise defendable case, just to avoid extraordinarily high discovery costs. Or, worse, left unchecked, these records issues could leave your company exposed to become the next example of corporate scandal.

It's your choice.  

Do your records-management policies and procedures address electronic records?

Yes – 56%
No – 40%
Don't know – 4%

Does your organization have comprehensive records-retention schedules that include electronic records?

Yes – 53%
No – 47%

Does your organization have a formal system for record hold orders setting aside for an indefinite period of time those records that are deemed relevant to an existing or pending legal or regulatory proceeding?

Yes – 54%
No – 46%

Does your system for record hold orders include electronic records?

Yes – 35%
No – 65%

To view the full survey, please visit www.merresource.com/whitepapers/survey.htm.