 |
||
|
|
|
|
|
|
|||||||||||||||
|
|
|
|
|
|
|
|
||||||||||
|
|
|
|
|
|
|
|
||||||||||
|
|||||||||||||||||
|
 |
 |
 |
 |
 |
|
|
||||||||||
|
|
||||||||||||||||
|
Don’t Let Your E-Records Turn Into Smoking Guns Companies have good reasons to preserve e-mail and other electronic records for a specific period. And also good reasons to destroy records at the end of that period. But preservation entails more than simply storing information on computers, disks and tapes -- and destruction entails more than simply deleting old files. Why You Need a Policy A 1999 study found that 92% of companies store records in electronic form, but only 28% developed a policy for retaining electronic records. To understand why you need a comprehensive policy for preserving and destroying electronic records, let’s examine the increasingly central role that e-mail and other electronic evidence play in lawsuits and other disputes. E-records and e-mail in particular have become 21st century smoking guns -- especially in lawsuits. For example, an employee-plaintiff might use e-mail against the employer-defendant. E-mail is a nearly instantaneous medium of communication in which users: o Write or include information that they wouldn’t dream of expressing in traditional business letters, o Tend to be less inhibited about making derogatory or disparaging comments and may tend to use profanity and vulgarity, o Often hit the "send" button without considering whether they revealed more information than they should, o Believe e-mail is private and secure as long as it doesn’t leave the company’s internal communications network, and o Assume that deleting e-mail removes it from the computer and renders it unretrievable, especially if deleted without ever being printed out. These points are particularly dangerous when we recognize that information available electronically can be easily and quickly transmitted to many locations worldwide. New drive-imaging technology can recover and restore deleted electronic files from, for example, computer hard drives, disks, servers, handheld devices, cell phones, voicemail and other media. Additionally, company policy may require system backups that regularly save and archive information. Elements of a Good Policy Few courts differentiate between paper and electronic records. Recent changes in the Federal Rules of Civil Procedure limit broad electronic discovery requests, particularly relating to e-mail, and allow a court to weigh the benefits and burdens of proposed discovery. A court can assess all or part of the costs of computerized discovery against the requesting party. So you should develop a comprehensive preservation-and-destruction policy that includes electronic records. Plan your policy carefully and apply it consistently. Consider these elements in developing your policy: 1. Backup. Develop a team composed of your managers, information technology staff and attorney to decide how often -- and on what storage media -- to back up and store all the data on your work-stations, mainframe and network -- including all files on company servers. Many companies back up their systems daily. 2. Retention. Work with your attorney to determine how long to preserve records whether or not governed by statute. For instance, consider how long you might need to maintain records that may be required to defend a substantial claim brought against your company. Also consider retaining all necessary software and equipment required to retrieve those records. 3. Organization. Catalog your electronic backup data -- you might want to index it by date, user or any other criteria -- for easy retrieval if needed for business, legal or other purposes. 4. Destruction. At the end of the retention period for each kind of electronic record, destroy the data. Don’t just delete it. You must "wipe" all tapes, disks, and other electronic storage media (and "scrub" hard drives) -- or else physically destroy them. You can buy off-the-shelf utilities that will wipe and scrub, such as Symantec’s WipeDisk and Cipher Logics’ SecureDelete. Some companies establish a maximum of 60 or 90 days for retaining e-mail messages on individual employees’ hard drives, unless related to ongoing projects. Some systems automatically purge e-records, e-calendars or similar information, so you must act to retain them. 5. Exceptions. Consult your attorney before you destroy any information relating to a lawsuit, dispute or investigation. You may need that information to defend or prove a claim. Consider establishing a special process for suspending regular practices when litigation occurs. And don’t destroy evidence a court has told you to retain or you could be sanctioned. 6. Encryption. Consider encrypting some types of e-records, particularly privileged information. If you encrypt any data, keep a record of the encryption program used, the decryption passwords and decryption software in case you later need to produce the data. Enforce Your Policy Give careful thought to your retention-and-destruction policy because of the long-term ramifications if a court orders you to produce electronic records. Of course, you must communicate your policy to employees and regularly inform them of updates and changes. Designate an employee or department to monitor the retention and destruction of electronic records. And enforce your policy consistently and firmly. We can advise you on how to formulate, communicate and enforce your policy to reduce your risk. Contact | Legal Disclaimer |
|
||||||||||||||||
