Chapter § 3.01 Managing the Costs and Risk of e-Data

JurisdictionUnited States
Publication year2020

§ 3.01 Managing the Costs and Risk of e-Data

[1] Records Retention Programs or 100% Archiving?

Business entities may choose the records management methods best suited to their particular needs. Over 20,000 federal, state, and municipal statutory and regulatory retention requirements exist at the general business level,2 including obligations and guidelines imposed by the U.S. Code,3 the Code of Federal Regulations,4 state-level statutory requirements,5 agency letter opinions,6 and professional standards published by industry groups.7 Business entities must maintain records for the period imposed by such laws and regulations,8 and then they are given the choice of either continuing retention or purging documents not subject to current or pending litigation matters.9 In the context of litigation, the requirements clearly impose the implementation and monitoring of document preservation programs to avoid claims of spoliation and the improper loss of potentially relevant information.10

A business may decide to adopt a “save everything” approach in order to alleviate any concern of violating legal retention requirements—or it may take no action on records retention and be left with a de facto “save everything” approach as employees reflexively retain documents on the off chance they may consult them in the future. However such an approach arises, a business entity may avoid the need to train employees on records retention practices and procedures and will in many cases possess documents should litigation arise. But “saving everything” imposes substantial document storage costs and burdens along with the business and litigation risks of certain data preservation, severely outweighing any perceived benefits of 100% data archiving.

Alternatively, a records management program can help business entities control costs and manage risks while also abiding by legal records retention requirements. An effective records management program should be designed to achieve: (1) the retention of all necessary business records; (2) the retention of all records required by statute, regulation, or contract; (3) allowing users to access and retrieve business records efficiently; (4) preventing destruction of records that may serve as potentially responsive documents once litigation and/or government investigation will be reasonably anticipated; and (5) providing destruction procedures for records with “expired” retention periods. Although developing an effective records management program can be a complicated and time-consuming task that requires a fully committed team of employees, ranging from users to IT personnel to key managers, the program will greatly benefit business entities in this emerging era of electronic data and records.

Courts have endorsed the validity of records management programs that call for the proper destruction of documents upon their expiration. The Supreme Court has acknowledged that document retention and destruction policies are common in the business world.11 The Court commented that “it is, of course, not wrongful for a manager to instruct his employees to comply with a valid document retention policy under ordinary circumstances.”12 The Court acknowledged that when used properly, document retention policies serve as useful business tools.13

But any document destruction under a records management policy must be reassessed and, in many cases, suspended when the reasonable threat of litigation arises: “once a party reasonably anticipates litigation, it must suspend its routine document retention/destruction policy and put in place a litigation hold to ensure the preservation of relevant documents.”14 Here too, the court acknowledged that document retention policies are useful and valid tools for entities; however, the policies must be implemented and followed properly in order to avoid spoliation claims.15

Electronic mail (or email) attracts the most attention in discussions of electronic records retention.16 Organizations may take several different paths in an effort to control email communications under their records retention program, including the deletion of all emails after a certain time (a “purge” program), the retention of all emails regardless of content, and a program that manages the email by only retaining business related emails for a specified period of time that is determined by the content of each email and attachment.

Ultimately, when deciding whether to save business records, the entity should remember that, as a general rule, in determining whether a document should be kept, or is required to be kept, the record’s content, as opposed to the medium in which it’s stored (i.e., whether it is an email, paper copy, facsimile, instant message, text file, or a Web site) should be the focus.17

Email volume is growing rapidly and, unchecked, may impose significant risks. Simply purging emails after a set amount of time may, for example, expose the business to the risk of spoliation. Saving all emails in a vast, undifferentiated archive may alleviate the risk of spoliation and lack of regulatory compliance, but is extremely costly in the context of litigation, making it almost impossible to retrieve efficiently what is needed. In addition, saving unneeded emails exposes a company to unnecessary risk. The best approach is to filter emails so that they are managed by a records management or archival system that permits both single instance storage and the application of retention periods with the proper destruction of expired records. Otherwise, any email retained by the company for longer than necessary, intentionally or not, may be legally discoverable.

Email serves as merely one example of...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT