Legally Defensible Solutions Start with Sound Legal Advice
Start Here - Because many issues related to potential investigations or litigation should be kept confidential, it is vitally important that the proliferation of such information be tightly controlled. Unlike typical technology and records providers, our team approach initially creates the highest possible safeguards for confidential information through the use of the attorney-client communications privilege. Compared with a confidentiality or non-disclosure agreement, which can be pierced by third parties with relative ease, the privilege accorded to clients seeking and receiving legal advice can provide additional protection. At the beginning of an engagement our clients are free to discuss all of the reasons for needing to implement, supplement or revamp their document retention / destruction policies. Whether records were inappropriately destroyed or whether laws with criminal penalties were violated, communications regarding the problems and solutions can be freely and openly discussed.
If any of the reasons for requiring technical document retention / destruction policy solutions could cause embarrassment or increase legal risk, you should consider engaging an attorney first in order to create and maintain the critical communications privilege and work-product protections. Under the law of agency an attorney may be able to create an umbrella of privilege and other confidential protections over agents (e.g., RIM, and IT specialists) where the subject matter of the engagement relates to issues with a legal component. Because of the vast regulatory environment and the substantial number of civil and even criminal penalties for records management errors, nearly every records management question has a legal component. We have the knowledge and experience to communicate on a technical level with RIM and IT professionals. If there are any questions about legal liability, get a competent lawyer out in front of your technical team.
Email & Document Retention Policy Consulting
Developing a legally defensible and technically sound Document Retention / Destruction Policy solution requires a team approach. Akin to a "barn raising" the coordinated work of various skilled and talented specialists is required. Every business and institution has a unique mix of needs and in-house expertise. What is clear is that every document retention / destruction policy solution requires addressing 3 main areas: Legal, Records & Information Management (RIM), and IT.
In addition, any plan or implementation should be tested by a computer forensics expert. From experience, solution providers' claims that digital files were completely wiped are not always reliable.
Business Drivers / ROI
Business organizations and government agencies that have not suffered through expensive investigations or litigation typically do not view the creation of document retention policy as a critical task. A document retention policy is in reality a document destruction policy, permitting files to be culled and operations to be streamlined. The U.S. Supreme Court validated use of a written and regularly followed document retention policy to destroy documents in a famous case growing out of the Enron scandal, Andersen v. U.S. Once an organization has notice of an investigation or litigation, the best opportunity to trim its unnecessary archives is lost.
One key metric for organizations considering whether to develop an document retention policy is the enormous costs to recover and review thousands of electronic documents that could have and should have been disposed of. The cost to hire computer forensics firms to recover information from back up tapes and servers and then make it word-searchable, can easily run into tens of thousands of dollars. If relevant but unnecessary documents are identified, they will need to be reviewed by the lawyers defending the investigation or litigation. Estimates vary depending on the nature of the legal issues, but an organization can expect to pay upwards of $20 per document for this cursory search and review. Return on investment for a document retention / destruction policy begins to make sense when considering the tens of thousands of unnecessary files and emails that organizations file as "unstructured data" with every passing year. At over 20 bucks a pop, can an organization afford to keep thousands of unneeded documents around? Most managers who have been forced to pay highly trained professionals to sort through their trash would say NO.
In addition to the fact that cheap data storage invites a "pack rat" strategy, the advent of Sarbanes-Oxley reporting requirements for public companies and the changes to the discovery sections of Federal and State Rules of Civil Procedure have raised the stakes considerably. Moreover, destruction of documents that are sought by the Federal Government can lead to criminal charges.
Such risks are becoming common business drivers. Organizations need to recognize that data minimization (destruction), if done properly, will reduce risk and produce ROI results. Budgeting priorities need to reflect the new realities as all businesses move from a paper-centric model toward email, electronic documents, and cloud computing.