Electronic Records Retention: A Pragmatic View
Or “Ya’ Gotta Know When to Hold ‘em, and Know When to Fold ‘em”
© 2008 – Learn Consulting

Disclaimer
Learn Consulting Does Not Provide Legal Advice. If you are in Need of Legal Advice, Consult a Competent Attorney.

Goals of an ERR Policy
• Meet Business Objectives and Requirements
• Assure Statutory, Regulatory, and Judicial Compliance
• Maintain Cost Effective Business Practices

Discovery Blackmail!
• Avoid a Situation Where It Becomes Cheaper to Settle Litigation than to Comply with Requirements of Discovery!

Know When to Hold 'Em
• Last May, Wall Street was stunned when a jury ordered white-shoe firm Morgan Stanley to pay financier Ron Perelman $1.58 billion for the bank's role in a botched deal. Almost as stunning as the award: the high-profile case turned on Morgan Stanley's failure to turn over requested electronic documents. (Source: CFO Magazine)

Know When to Hold 'Em
• The average U.S. corporation is currently contending with 37 lawsuits — and, increasingly, litigants are demanding to see defendants' digital documents. (Source: CFO Magazine)

Know When to Hold 'Em
• Only 57 percent of U.S. businesses have records-retention policies.
• Many businesses craft retention policies that cover memos, Word files, and the like, but not E-mail, instant messages, or other "unstructured" data.
• The convergence of mobile phones with computers will cause even more problems. (Source: CFO Magazine)

You Don’t Have to Manage What You Never Created!
• If There Isn’t a Reasonable Business Need to Create an ER, Don’t Create It!

You Don’t Have to Manage What You Never Created!
• Implement and Enforce Appropriate E-Mail, IM, Text Message, etc., Policies and Procedures that Discourage the Creation of Superfluous ERs that are Potentially Dangerous, Costly to Manage and Store, and Totally Unnecessary!

You Don’t Have to Manage What You Never Created!
• Discourage, Control and/or Prohibit Personal Use of Corporate Electronic Messaging Technologies!
• Manage and Control Use of Outside E-Mail Accounts by Employees.
• Axiom: E-Mail Lives Forever!!
• It is Very Difficult, If Not Impossible, to Determine Where the E-Mail May Have been Forwarded and/or Stored!

Disaster Recovery
• ERR Must Be Credibly Included in Disaster Recovery Strategies, Plans, Processes and Policy.
• A Judge May Be Less Than Understanding About a Hard Drive Crash or Virus Attack!

What About Encryption?
• Make Sure Your Policy Addresses the Ability to Recover Archived Records That Are Encrypted!!

What About Encryption?
• Make Sure You Have the Keys to Encrypted Records!!
• Maintain an Encryption Policy!

Business Imperatives
• Process and consistency will be key when retaining electronic records.
• In order for the enterprise to verify the authenticity and origin of an electronic record, it must have in place a system to capture and catalog identifying metadata.
• Enterprises will need to factor into any electronic records retention policy any outsourcing agreements in which they participate. (Source: RFG Research)

Bottom Line
IT executives should ensure that their e-records retention policy is comprehensive, well documented, and covers issues such as outsourced arrangements and non-business system use. IT executives should investigate the effect of various business arrangements and procedures in light of their formulation of this policy. Furthermore, IT executives should validate that the procedures established as a result of the policy effectively address all the tenets of the policy. This will help to ensure that the enterprise is not left exposed in times of investigation or litigation, should such a scenario arise. (Source: RFG Research)

Honest, Your Honor!
• The Courts currently appear to allow significant discretion when it comes to ERR, Provided the Policy is:
• Reasonable
• Consistent, and
• Rigorously Enforced

Reasonable
• Policy Is Written, Widely Promulgated, and Reflects Adequate Training of Affected Personnel
• Meets Statutory, Regulatory and Judicial Requirements (including Provisions for Placing Legal Holds on Documents)

Reasonable
• Promotes Reasonable and Understandable Business Objectives and Requirements
• Is Inclusive and Encompassing

Consistent
• Codified at the Highest Level of the Organization
• No Exceptions (or Exceptions are Rigorously Handled within a Documented Process within the Policy)

Consistent
• Enduring; e.g., Not Implemented or Changed as the Result of (or in Temporal Proximity to) Anticipated or Actual Litigation
• Specific and Organization-Wide

Rigorously Enforced
• Ultimate Responsibility and Authority for Implementation and Enforcement Is Vested in a Specific Individual (i.e., Not a Position, Organizational Unit, etc.)
• There is a Clear Record of Compliance Over an Extended Period of Time

Assure You Can Read Archived Data
• Much of NASA’s Early Space Exploration Data Is Irrecoverable.
• Must Also Archive Software Used To Recover Data. (Source: Ohio Historical Society)

“Know When to Fold ‘em”
• Kill Expired Records!!
• …and Kill them Again!
• Make Certain They Are Dead!!
• Wounded Records Will Come Back to Haunt You!!

Questions/Discussion??