8 Things to Consider When Developing an Information Retention Policy
All too often, businesses discover the need for a document retention policy either when it is least convenient to implement or too late in the game. Particularly in today’s litigious environment where virtually any form of information (paper, electronic, or audio) can be used in litigation, being proactive in this regard can save an organization from headaches and high costs. An organizational retention policy provides for the systematic review, retention, and destruction of information and records received or created in the course of business. Below are eight items to consider when developing your company’s retention policy.
Understand the need for a formalized retention policy.
Having a retention policy in place is about more than just making space and keeping clutter-free; it can be a great asset should litigation arise. The Federal Rules of Civil Procedure (FRCP) state that parties are to discuss preservation at the “meet and confer," but in practice, preservation decisions should be made long before. Proactive policies establish that good faith efforts have been made by your business and help facilitate the entire litigation process
Do you know what is “Reasonably Accessible” under the updated Federal Rules?
FRCP 26(b)(2) delineates the standard for discovery of electronically stored information based on the concept of “Reasonably Accessible," with a two-pronged test for “Undue burden” or “Undue cost." Developing a good retention policy puts your company in control of which elements of information are available and discoverable under the new Federal Rules.
Identify which types of records should be reflected in your retention policy.
Just saying, “save it all” won’t work; you need to specify. Successful retention policies will target the following types of information and records: Employment, Account and Corporate Tax Records, Legal Records, Electronically stored information (computer disks, hard drives, emails, web content, audio files/voicemail, information on thumb-drives/PDA’s/digital devices). You will also need to take into account if your organization’s line of business and any special information that may be unique to this sector.
Make sure to ask yourself all the key questions.
- Does your retention policy reflect obligations imposed by all local, state, and federal regulations?
- Has your company previously had to produce information for litigation discovery?
- Does your company have adequate means for ensuring that information is not improperly destroyed?
- Is there adequate guidance for what information must be preserved?
- Have you accounted for the replication and storage of paper documents?
- Have you properly addressed email policies?
A company’s retention policy is only as effective as its implementation.
It must receive buy-in starting at the top level of management and then be filtered down throughout the organization. Policies should be easy to follow and should include periodic audits. Your organization should renew these policies every few years, to allow for adjustments in company operations and changes in technology. It is also important that your policy is flexible, including allowances for suspension of the policy when a litigation hold is in place.
Regular enforcement is key.
Retention policies must be regularly enforced even when no litigation or investigation is looming. Sporadic enforcement may be viewed as strategic bad faith destruction, rather than information management occurring in the ordinary course of business. This may result in organizational liability. You should perform regular, scheduled checks to ensure that employee practices of destruction and retention consistently conform to the plan. One employee’s carelessness can open up the entire organization’s information for discovery.
A properly executed retention policy can serve as a roadmap.
It will be a helpful tool to prepare for litigation, providing both in-house and outside counsel with a roadmap for finding information in case of internal investigations, disaster recovery, regulatory requests, or litigation. If your company is to develop a functional retention policy, then it must know where all of its information is kept and how that information is stored, including names of custodians and types of servers and backup tapes used.
Take stock of your backup tapes, i.e., practice Intelligent Asset Management (IAM).
You need to determine what tapes are necessary for continued archiving. If your company has created a compliant records retention policy, then generally, there would be no need to keep tapes that fall outside of the retention requirements. In some cases, you may have to adjust retention policies to avoid archiving tapes that are not needed and serve no useful purpose. Identify and preserve backup tapes that are consistent with current preservation requirements and litigation holds. Your retention policies should explicitly spell out how backup tapes are handled. Interrogate and adopt the management of your tape media catalogs – manage your tapes and know where they all reside.
The policy your company creates should identify those records that need to be maintained and contain guidelines for how long certain information should be kept and how they should be destroyed. By following these eight steps, one can work to ensure that nothing gets left in the cold.
About John Mancini
John Mancini is the President of Content Results, LLC and the Past President of AIIM. He is a well-known author, speaker, and advisor on information management, digital transformation and intelligent automation. John is a frequent keynote speaker and author of more than 30 eBooks on a variety of topics. He can be found on Twitter, LinkedIn and Facebook as jmancini77. Recent keynote topics include: The Stairway to Digital Transformation Navigating Disruptive Waters — 4 Things You Need to Know to Build Your Digital Transformation Strategy Getting Ahead of the Digital Transformation Curve Viewing Information Management Through a New Lens Digital Disruption: 6 Strategies to Avoid Being “Blockbustered” Specialties: Keynote speaker and writer on AI, RPA, intelligent Information Management, Intelligent Automation and Digital Transformation. Consensus-building with Boards to create strategic focus, action, and accountability. Extensive public speaking and public relations work Conversant and experienced in major technology issues and trends. Expert on inbound and content marketing, particularly in an association environment and on the Hubspot platform. John is a Phi Beta Kappa graduate of the College of William and Mary, and holds an M.A. in Public Policy from the Woodrow Wilson School at Princeton University.