8 Things to Consider When Developing an Information Retention Policy

All too often, businesses discover the need for a document retention policy either when it is least convenient to implement or too late in the game. Particularly in today’s litigious environment where virtually any form of information (paper, electronic, or audio) can be used in litigation, being proactive in this regard can save an organization from headaches and high costs. An organizational retention policy provides for the systematic review, retention, and destruction of information and records received or created in the course of business. Below are eight items to consider when developing your company’s retention policy.

1. Understand the need for a formalized retention policy.

   Having a retention policy in place is about more than just making space and keeping clutter-free; it can be a great asset should litigation arise. The Federal Rules of Civil Procedure (FRCP) state that parties are to discuss preservation at the “meet and confer," but in practice, preservation decisions should be made long before. Proactive policies establish that good faith efforts have been made by your business and help facilitate the entire litigation process

2. Do you know what is “Reasonably Accessible” under the updated Federal Rules?

   FRCP 26(b)(2) delineates the standard for discovery of electronically stored information based on the concept of “Reasonably Accessible," with a two-pronged test for “Undue burden” or “Undue cost." Developing a good retention policy puts your company in control of which elements of information are available and discoverable under the new Federal Rules.

3. Identify which types of records should be reflected in your retention policy.

   Just saying, “save it all” won’t work; you need to specify. Successful retention policies will target the following types of information and records: Employment, Account and Corporate Tax Records, Legal Records, Electronically stored information (computer disks, hard drives, emails, web content, audio files/voicemail, information on thumb-drives/PDA’s/digital devices). You will also need to take into account if your organization’s line of business and any special information that may be unique to this sector.

4. Make sure to ask yourself all the key questions.

   • Does your retention policy reflect obligations imposed by all local, state, and federal regulations?
   • Has your company previously had to produce information for litigation discovery?
   • Does your company have adequate means for ensuring that information is not improperly destroyed?
   • Is there adequate guidance for what information must be preserved?
   • Have you accounted for the replication and storage of paper documents?
   • Have you properly addressed email policies?

5. A company’s retention policy is only as effective as its implementation.

   It must receive buy-in starting at the top level of management and then be filtered down throughout the organization. Policies should be easy to follow and should include periodic audits. Your organization should renew these policies every few years, to allow for adjustments in company operations and changes in technology. It is also important that your policy is flexible, including allowances for suspension of the policy when a litigation hold is in place.

6. Regular enforcement is key.

   Retention policies must be regularly enforced even when no litigation or investigation is looming. Sporadic enforcement may be viewed as strategic bad faith destruction, rather than information management occurring in the ordinary course of business. This may result in organizational liability. You should perform regular, scheduled checks to ensure that employee practices of destruction and retention consistently conform to the plan. One employee’s carelessness can open up the entire organization’s information for discovery.

7. A properly executed retention policy can serve as a roadmap.

   It will be a helpful tool to prepare for litigation, providing both in-house and outside counsel with a roadmap for finding information in case of internal investigations, disaster recovery, regulatory requests, or litigation. If your company is to develop a functional retention policy, then it must know where all of its information is kept and how that information is stored, including names of custodians and types of servers and backup tapes used.

8. Take stock of your backup tapes, i.e., practice Intelligent Asset Management (IAM).

   You need to determine what tapes are necessary for continued archiving. If your company has created a compliant records retention policy, then generally, there would be no need to keep tapes that fall outside of the retention requirements. In some cases, you may have to adjust retention policies to avoid archiving tapes that are not needed and serve no useful purpose. Identify and preserve backup tapes that are consistent with current preservation requirements and litigation holds. Your retention policies should explicitly spell out how backup tapes are handled. Interrogate and adopt the management of your tape media catalogs – manage your tapes and know where they all reside.

The policy your company creates should identify those records that need to be maintained and contain guidelines for how long certain information should be kept and how they should be destroyed. By following these eight steps, one can work to ensure that nothing gets left in the cold.