Document Retention Policy
It has become increasingly easy to create documents. Fifty years ago, we had to type them on the typewriters. Now we have the dubious advantage of having our own printer, computer and copier to create documents. Literally, tons of information circulate through any medium size office each year.
We do not want to end up like the guy from the office jokes, surrounded with mountains of paper on his desk and a little space for his coffee cup and laptop. We have the power to move this mountain from our lives by a carefully prepared document retention policy designed to fit the particular office needs.
What Documents Do We Need to Keep and How Do We Keep Them?
Paper and electronic documents should be managed, archived or destroyed only pursuant to a well-written document retention policy that takes into consideration applicable laws and what is reasonable for your business. The policy should give clear instructions to the employees on:
- What documents need to be saved;
- What documents could be recycled;
- What is the company’s policy for storage; and
- How long those documents should be kept.
Why Should a Business Have a Document Retention Policy?
Every business needs to spend the time to create a document retention policy based on its needs. When preparing the policy, the business should consider the legal requirements for the time periods for which certain types of documents should be retained. Several people can help in drafting a policy. You will have to consult with employees and consultants who perform maintenance on your business’ computers. They will be able to adjust their own policies to ensure your electronic data is maintained as consistently as your hard data. Your outside counsel or CPA should also be involved. Once a document retention policy is created, it is important to follow it and enforce it consistently.
The eight most important reasons why an organization should implement a document retention policy are:
- to comply with legal duties and requirements;
- to avoid liability through “spoliation,” the improper destruction or alteration of documents in a litigation situation;
- to support or oppose a position in an investigation or litigation;
- to protect from unnecessary expense and time during discovery;
- to maintain control over discovery and e-discovery;
- to keep documents confidential;
- to save valuable computer and physical storage space; and
- to reduce the volume of stored documents and data, making it easier to retrieve the needed document.
The Importance of Having A Document Retention Policy
By default, business that has no centralized policy regarding retention of documents delegates decisions about which records to keep or destroy to the employees with access to record making or record keeping functions. Employees with limited perspectives on management and legal issues, and possible conflicts with management, should not be relied upon to make decisions that could destroy the entire business.
While it is important to save computer and physical storage space, disposing of the wrong paper or deleting an important e mail can have disastrous consequences. Not having the right document can determine the outcome of a lawsuit. There are good reasons to keep business records and documents, such as to reference back to verify what actions were taken. For example, if you sue a company because that company owes your business money, it will be nearly impossible to win the case unless you have documentation of the debt.
On the other hand, the intentional destruction of documents relevant to pending or future litigation can undermine your business’ position in litigation. If a litigant requests a document that you cannot provide because it has been destroyed, then a judge or jury may be permitted to conclude that the document contained information nurting to your position. The primary exception to this rule is if the destruction of the document was reasonable. Evidence of a clear and consistently enforced document retention policy is sometimes the only way to convince the court that the destruction of a document was reasonable.
How do you create a document retention policy?
There are three rules for creating a document retention policy:
- If your business must follow applicable federal or state law or regulations and if federal and state requirements conflict, the more stringent requirements need to be followed.
- If your business is governed by internal by-laws, other mandatory procedures, or industry standards, it needs to abide by them.
- If neither of the above rules apply to your business, then you should assume that the documents in your possession could always be the subject of a lawsuit. Document retention policies don’t necessarily need to be very long. They could be just a few paragraphs or several pages, the longer document retention policies being more appropriate for larger firms or companies. You should be aware that enforcement can be a challenging business. Studies have shown that 10% of employees who are given an order to destroy documents in accordance with a document retention policy will not follow it. Sometimes, they believe they will some day “need” the document for some reason or another. Some are just lazy. Others are naturally disinclined to obey orders. Periodically, you may wish to conduct audits to make sure the company’s deletion orders have been obeyed. Every document retention policy must:
- Define how long, how and where to store both paper and electronic records, making sure you specify specific retention periods for specific categories of records.
- Make sure you have considered all forms of electronic data in all devices, including voicemail.
- Include E-mail and other electronic documents.
- Specify how records are to be destroyed when their retention period has expired: automated or responsibility of the users.
- Detail the circumstances under which the policy should be suspended, such as when a lawsuit is anticipated or in progress, a subpoena has been served, or an investigation is known to be underway.
- Identify the individuals responsible for enforcing, monitoring and updating the policy.
- State penalties for non-compliance and impose them.
- Describe the manner in which to organize and catalog stored records so that they can be recovered with relative ease.
- Make the document retention policy part of the employee handbook, make sure that employees sign the policy, and ensure that the handbook is updated when the policy is updated.
- Provide for a review the policy on a regular basis, making the review deadlines a part of the document retention policy itself.
- Log the passwords and product version used at the time of encryption, if the documents are electronic and encrypted.
- Andersen neglected to tell the staff to retain all documents related to the SEC’s Enron investigation. Andersen was well aware of the investigation.
- It was suspicious that Andersen, which had rarely invoked its document retention policy, suddenly decided to mandate compliance in the midst of the Enron debacle.
- It didn’t help Andersen that at least one document in question was in fact altered by an Andersen employee.
There are regulations in different areas of business that a document retention policy may need to comply with. For example, if you are a health care provider, a financial institution, or a brokerage house, you have in document retention requirements of the federal government in Securities and Exchange Commission regulations, the Sarbanes-Oxley Act of 2002, Graham-Leach-Bliley Act of 1999, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Fair and Accurate Credit Transactions Act (FACTA) from 2003. Each act could comprise an article into itself. If you are not subject to such precise laws and regulations, then you need to deal with the more generic problems of document retention policies. There are still Occupational Safety & Health Administration (OSHA) requirements and tax records requirements that apply to almost everyone, and statutes of limitation, but otherwise electronic documents are up to your discretion to keep or discard. This article’s purpose is not to give an answer to each question concerning the document retention policies for every business. It should be regarded as guidance only. Please refer to the regulations in your industry and consult with your attorney or CPA when you are creating your retention policy.
Court’s Attitude to The Problem of Document Retention
Courts are aware of the overwhelming volume of a company’s data and the need for data management. They understand that corporations need to destroy data in the regular course of business, when there is no anticipation of litigation. However, the mere implication of spoliation will generally lead to a judge’s determination to find out whether a company has deliberately destroyed documents. Penalties for spoliation have been severe, including huge fines, prohibiting the testimony of the person responsible for the spoliation, altering legal presumptions to favor the other side and, in extreme cases, dismissal of claims.
Once there is a potential for litigation or a lawsuit has been filed, a business should ALWAYS make sure that the document retention policy is suspended insofar as the subject matter of the litigation or investigation is concerned. The business should ensure that all involved parties know what documents, back-up tapes, etc. must be preserved until the litigation or threat of litigation is resolved. Protect the company by putting such information in dated writings, whether paper or electronic, giving clear orders to employees.
What happened with Arthur Andersen, LLP?
In May 2005, the U.S. Supreme Court overturned the conviction of Arthur Andersen, LLP in the criminal case that arose out of the destruction of Enron documents. The court ruled unanimously that the Houston jury that found Arthur Andersen, LLP guilty of obstruction of justice was given overly broad instructions by the federal judge who presided at the trial. Although a rebuke to the government, the court’s decision is little comfort for Andersen and its former employees. Andersen’s reputation had been destroyed, and the firm had essentially died. The Chicago-based firm has a staff of only 200 left out of the 28,000 people who once worked there. Andersen was in charge of auditing the books at Enron, the Houston energy conglomerate. As Enron’s collapse became public, Nancy Temple, a lawyer for Andersen, sent an e-mail on October 19, 2001, reminding employees of the company’s policy of routine document shredding, which specified how long employees should keep written and electronic records before destroying them. Two tons of documents were destroyed before the Securities and Exchange Commission (SEC) formally notified Andersen on November 9, 2001, that it was under investigation. What did Andersen do wrong?
The Andersen case shows that a document retention policy must be enforced in a consistent fashion. Selective enforcement could lead to a spoliation of evidence or obstruction of justice charge.
The Danger of Saving Unnecessary Documents.
Sometimes, business owners and their lawyers tend to forget that saving unnecessary documents can constitute a significant danger.
In 1997, the Boeing Co. found itself confronted with a securities fraud class action suit. In a deposition, the plaintiffs’ attorney learned that Boeing had some 14,000 e-mail backup tapes stored in a Washington, D.C. warehouse. Naturally, he demanded the tapes. Boeing unsuccessfully tried to narrow the scope of discovery. Boeing was unable to tell whose e-mails were on which tapes without restoring the tapes first. The situation was complicated by the fact that Boeing used several e-mail systems and its IT departments were situated throughout the world. Not only did Boeing retain far more data than needed, but its retention was very disorganized. In the end, Boeing incurred a fortune to restore all the tapes. The unhappy result was that the content of the tapes was sufficiently damning that Boeing concluded the lawsuit by settling for $92.5 million. The Boeing case should serve as a warning that electronic document retention policies and the organization of retained documents should be a significant factor in corporate and law firm planning.
DuPont’s Saving Money from a New Retention Policy
When DuPont went through an enterprise-wide reorganization of its corporate records, the company discovered that more than 50 % of the documents the company gathered for discovery between 1992 and 1994 should not have been retained. It estimated that it had spent an unnecessary $10-12 million in retention and production costs. Its new document retention policy calls for a 60-day life for e-mail and a 14-day life for e-mail backup tapes. Every employee is considered a “record custodian” and must sign off on the policy. A four-person Corporate Records Information Management team is responsible for providing guidance and ensuring policy compliance. In 2001, it adopted a system that prompts employees to delete e-mails that are overdue for deletion. The employees are given the option to retain records by entering a retention code; otherwise the e-mails are automatically deleted. The result was that the company has noted a decrease in the amount of data it must sift through to comply with discovery requests. All these cases are examples of the importance of having a well-written document retention policy that suits the needs of the business and is consistently followed. If you need help with your document retention policy, please contact Bay Oak Law at 510-208-5500 or visit us at www.bayoaklaw.com.