Date post: | 13-Jan-2016 |
Category: |
Documents |
Upload: | lesley-mccormick |
View: | 213 times |
Download: | 0 times |
Electronic Records Electronic Records Retention:Retention:
A Pragmatic ViewA Pragmatic View Or Or
““Ya’ Gotta Ya’ Gotta Know When to Hold ‘em, Know When to Hold ‘em,
and Know When to Fold ‘emand Know When to Fold ‘em””
©2008 – Learn Consulting
DisclaimerDisclaimer
Learn Consulting Does Not Provide Legal Advice. If you are in Need of Legal Advice, Consult a Competent Attorney.
© 2008 – Learn Consulting
Goals of an ERR PolicyGoals of an ERR Policy
Meet Business Objectives and Requirements
Assure Statutory, Regulatory, and Judicial Compliance
Maintain Cost Effective Business Practices
© 2008 – Learn Consulting
Discovery BlackMail!Discovery BlackMail!
Avoid a Situation Where It Becomes Cheaper to Settle Litigation than to Comply with Requirements of Discovery!
© 2008 – Learn Consulting
Known When to Hold 'Em Known When to Hold 'Em
Last May, Wall Street was stunned when a jury ordered white-shoe firm Morgan Stanley to pay financier Ron Perelman $1.58 billion for the bank's role in a botched deal. Almost as stunning as the award: the high-profile case turned on Morgan Stanley's failure to turn over requested electronic documents.
© 2008 – Learn Consulting
(Source: CFO Magazine)
Known When to Hold 'Em Known When to Hold 'Em
The average U.S. corporation is currently contending with 37 lawsuits — and, increasingly, litigants are demanding to see defendants' digital documents.
© 2008 – Learn Consulting
(Source: CFO Magazine)
Known When to Hold 'EmKnown When to Hold 'Em
Only 57 percent of U.S. businesses have records-retention policies.
Many businesses craft retention policies that cover memos, Word files, and the like, but not E-mail, instant messages, or other "unstructured" data.
The convergence of mobile phones with computers will cause even more problems.
© 2008 – Learn Consulting
(Source: CFO Magazine
You Don’t Have to Manage You Don’t Have to Manage What You Never Created!What You Never Created!
If There Isn’t a Reasonable Business Need to Create an ER, Don’t Create It!
© 2008 – Learn Consulting
You Don’t Have to Manage You Don’t Have to Manage What You Never Created!What You Never Created!
Implement and Enforce Appropriate E-Mail, IM, Text Message, etc., Policies and Procedures that Discourage the Creation of Superfluous ERs that are Potentially Dangerous, Costly to Manage and Store, and Totally Unnecessary!
© 2008 – Learn Consulting
You Don’t Have to Manage You Don’t Have to Manage What You Never Created!What You Never Created!
Discourage, Control and/or Prohibit Personal Use of Corporate Electronic Messaging Technologies!
Manage and Control Use of Outside E-Mail Accounts by Employees.
Axiom: E-Mail Lives Forever!!– It is Very Difficult, If Not Impossible, to Determine
Where the E-Mail May Have been Forwarded and/or Stored!
© 2008 – Learn Consulting
Disaster RecoveryDisaster RecoveryERR Must Be Credibly
Included in Disaster Recovery Strategies, Plans, Processes and Policy.
A Judge May Be Less Than Understanding About a Hard Drive Crash or Virus Attack!
© 2008 – Learn Consulting
What About Encryption?What About Encryption?
Make Sure Your Policy Addresses the Ability to Recover Archived Records That Are Encrypted!!
© 2008 – Learn Consulting
What About Encryption?What About Encryption?
Make Sure You Have the Keys to Encrypted Records!!
Maintain an Encryption Policy!
© 2008 – Learn Consulting
Business ImperativesBusiness ImperativesProcess and consistency will be key
when retaining electronic records. In order for the enterprise to verify the
authenticity and origin of an electronic record, it must have in place a system to capture and catalog identifying metadata.
Enterprises will need to factor into any electronic records retention policy any outsourcing agreements in which they participate.
© 2008 – Learn Consulting
(Source: RFG Research)
Bottom LineBottom LineIT executives should ensure that their e-records IT executives should ensure that their e-records retention policy is comprehensive, well documented, and retention policy is comprehensive, well documented, and covers issues such as outsourced arrangements and covers issues such as outsourced arrangements and non-business system use. IT executives should non-business system use. IT executives should investigate the effect of various business arrangements investigate the effect of various business arrangements and procedures in light of their formulation of this policy. and procedures in light of their formulation of this policy. Furthermore IT executives should validate that the Furthermore IT executives should validate that the procedures established as a result of the policy procedures established as a result of the policy effectively address all the tenets of the policy. This will effectively address all the tenets of the policy. This will help to ensure that the enterprise is not left exposed in help to ensure that the enterprise is not left exposed in times of investigation or litigation, should such a times of investigation or litigation, should such a scenario arise.scenario arise.
© 2008 – Learn Consulting
(Source: RFG Research)
Honest, Your Honor!Honest, Your Honor!
The Courts currently appear to allow significant discretion when it comes to ERR, Provided the Policy is:– Reasonable– Consistent, and– Rigorously Enforced
© 2008 – Learn Consulting
ReasonableReasonable
Policy Is Written, Widely Promulgated, and Reflects Adequate Training of Affected Personnel
Meets Statutory, Regulatory and Judicial Requirements (including Provisions for Placing Legal Holds on Documents)
© 2008 – Learn Consulting
ReasonableReasonable
Promotes Reasonable and Understandable Business Objectives and Requirements
Is Inclusive and Encompassing
© 2008 – Learn Consulting
ConsistentConsistent
Codified at the Highest Level of the Organization
No Exceptions (or Exceptions are Rigorously Handled within a Documented Process within the Policy)
© 2008 – Learn Consulting
ConsistentConsistent
Enduring; e.g., Not Implemented or Changed as the Result of (or in Temporal Proximity to) Anticipated or Actual Litigation
Specific and Organization-Wide
© 2008 – Learn Consulting
Rigorously EnforcedRigorously Enforced
Ultimate Responsibility and Authority for Implementation and Enforcement Is Vested in a Specific Individual (i.e., Not a Position, Organizational Unit, etc.)
There is a Clear Record of Compliance Over an Extended Period of Time
© 2008 – Learn Consulting
Assure You Can Read Assure You Can Read Archived DataArchived Data
Much of NASA’s Early Space Exploration Data Is Irrecoverable.
Must Also Archive Software Used To Recover Data.
© 2008 – Learn Consulting
(Source: Ohio Historical Society)
““Know When to Fold ‘em”Know When to Fold ‘em”
Kill Expired Records!! …and Kill them
Again! Make Certain They
Are Dead!! Wounded Records
Will Come Back to Haunt You!!
© 2008 – Learn Consulting
Questions/Discussion??Questions/Discussion??
© 2008 – Learn Consulting