The Paperless Office & Document Retention Policies

Posted on Oct 23, 2009 in Records Management News

Tech & Trends Gen­eral Infor­ma­tion Octo­ber 23, 2009 • Vol.31 Issue 26

Mov­ing To A Dig­i­tized Work­place: The Paper­less Office & Doc­u­ment Reten­tion Policies

Key Points

• The dig­i­tized, paper­less office means adapt­ing doc­u­ment reten­tion poli­cies to reflect the array of elec­tronic data records and rel­e­vant legal and reg­u­la­tory requirements.

• A reten­tion strat­egy begins with defin­ing, list­ing, and cat­e­go­riz­ing the var­i­ous doc­u­ment types used within the enter­prise. This doc­u­ment map is the foun­da­tion for var­i­ous reten­tion sched­ules based on legal, reg­u­la­tory, or evi­den­tiary requirements.

• Gen­eral reten­tion guide­lines are help­ful in set­ting a pol­icy, but specifics will vary by com­pany and should be devel­oped in con­junc­tion with legal coun­sel expe­ri­enced in doc­u­ment reten­tion and elec­tronic discovery.

Visions of the paper­less office have largely been ren­dered absurd by his­tor­i­cal events, as evi­denced by the bil­lions enter­prises spend every year on print­ers, copiers, and sup­plies. In fact, tech­nol­ogy has arguably made it eas­ier than ever to gen­er­ate paper. How­ever, the days of paper as a pri­mary records stor­age medium are num­bered; hard copy records take up too much space and take too long to search and retrieve. The con­flu­ence of mul­ti­t­er­abyte stor­age sys­tems, sophis­ti­cated doc­u­ment man­age­ment soft­ware, and dig­i­tized work­flows means that enter­prises are build­ing key busi­ness processes around online forms and dig­i­tal records.

Yet, when tran­si­tion­ing to dig­i­tal paper­less sys­tems, the archival and reten­tion of records are crit­i­cal poli­cies that are often over­looked. Accord­ing to Info-Tech Research ana­lyst Rahul Par­mar, “The devel­op­ment of a doc­u­ment reten­tion strat­egy is the first phase of trans­fer­ring a paper-based sys­tem to a dig­i­tal one.” He notes that given the impli­ca­tions for every facet of a busi­ness, the impe­tus and lead­er­ship for doc­u­ment reten­tion poli­cies gen­er­ally comes from upper man­age­ment, not IT. “This is a busi­ness prob­lem, not a tech­ni­cal one,” says Par­mar, adding that IT is respon­si­ble for the tools and back-end infra­struc­ture but not the entire project.

Ele­ments Of A Doc­u­ment Reten­tion Policy

The first step in strat­egy devel­op­ment, accord­ing to Par­mar, is gain­ing an under­stand­ing and overview of the types of doc­u­ments used in an orga­ni­za­tion and their move­ment through var­i­ous work­flows and busi­ness processes. “Take the time to define who cre­ates, uses, and man­ages the doc­u­ments in ques­tion,” he advises. “Ensur­ing a com­plete list of records is gen­er­ated early will save time later on.”

Next, these var­i­ous doc­u­ment types should be clas­si­fied based on their con­trac­tual, finan­cial, tax, or reg­u­la­tory impor­tance, as these cat­e­gories drive a major pol­icy ele­ment: the reten­tion period. Unfor­tu­nately, this can be a painstak­ing and time-consuming process. Accord­ing to Michael Overly, a part­ner in Foley and Lard­ner LLP and co-author of the book “Doc­u­ment Reten­tion in the Elec­tronic Work­place,” there is an enor­mous range of laws and reg­u­la­tions affect­ing indi­vid­ual com­pa­nies, and although there are gen­eral reten­tion guide­lines for dif­fer­ent doc­u­ment types, there’s no “one-size-fits-all” template.

Reten­tion Peri­ods & Doc­u­ment Retrieval

Reten­tion peri­ods for many records are spec­i­fied by law, reg­u­la­tion, or con­trac­tual oblig­a­tion, with Sarbanes-Oxley being per­haps the best-known and most far-reaching statute affect­ing pub­licly traded com­pa­nies. Accord­ing to Par­mar, any doc­u­ments required on file for audit, legal, or com­pli­ance pur­poses are con­sid­ered retain­able records, as are those that have evi­den­tiary or ref­er­ence value. Because exact reten­tion peri­ods vary widely by com­pany and indus­try, Overly advises engag­ing an attor­ney expe­ri­enced in the field when devel­op­ing a policy.

Business-specific caveats aside, Par­mar offers guide­lines he says can be used as min­i­mal stan­dards. In gen­eral, employ­ment records should be kept for the length of employee tenure plus seven years, while sales records should be kept three to seven years past the trans­ac­tion date. Audit laws stip­u­late that tax records be retained for seven years, while doc­u­ments per­tain­ing to real estate trans­ac­tions should be kept for 20 years. Finally, doc­u­men­ta­tion of inven­tions or any con­tent cov­ered by patent, copy­right, or trade­mark laws should be kept per­ma­nently. Par­mar notes this lat­ter cat­e­gory likely includes Web pages and email messages.

Accord­ing to Jeff Fowler, an attor­ney in O’Melveny & Myers LLP’s Elec­tronic Dis­cov­ery and Doc­u­ment Reten­tion Prac­tice, two of the most impor­tant fea­tures of the paper­less office and asso­ci­ated reten­tion strat­egy are orga­ni­za­tion and effi­ciency, because doc­u­ments need to be easy to find and con­ve­nient to access. These goals neces­si­tate hav­ing a cen­tral­ized data repos­i­tory and not allow­ing indi­vid­ual employ­ees to store doc­u­ments and email archives on their per­sonal lap­tops. Like­wise, Fowler rec­om­mends com­pa­nies con­sider using some form of email archiv­ing or doc­u­ment man­age­ment sys­tem to aid in records search and recov­ery. Overly adds that archiv­ing to WORM (write-once, read many) media is prefer­able because stored doc­u­ments are inher­ently tamper-resistant and thus less likely to gen­er­ate legal chal­lenge to their authenticity.

Legal & Reg­u­la­tory Issues

Doc­u­ment reten­tion poli­cies have recently received much atten­tion, as orga­ni­za­tions grap­ple with their readi­ness for elec­tronic dis­cov­ery, accord­ing to Amy Longo and Allan John­son, col­leagues of Fowler’s at O’Melveny and Myers. Cit­ing a recent case in the U.S. Dis­trict Court for Utah reject­ing as unrea­son­able a defendant’s claim that indi­vid­ual employ­ees were expected to retain per­ti­nent data, Longo and John­son note “the court found that the ‘lack of a reten­tion pol­icy and irre­spon­si­ble data reten­tion prac­tices’ resulted in the destruc­tion of rel­e­vant evi­dence, vio­lat­ing the company’s duty to preserve.”

Overly says an often-overlooked con­sid­er­a­tion in reten­tion poli­cies, which over­rides stan­dard reten­tion peri­ods, is known as a lit­i­ga­tion hold—documents rel­e­vant to active lit­i­ga­tion must be pre­served even if they have reached the end of their reten­tion period.

Email presents a par­tic­u­larly sticky reten­tion prob­lem, accord­ing to Overly. He says that ini­tially, many com­pa­nies assumed every email was poten­tially harm­ful; thus, they often adopted very short reten­tion peri­ods, some­times only 30 to 90 days, out of fear of legal lia­bil­ity or embar­rass­ment from this largely uncon­trolled medium of employee com­mu­ni­ca­tions. More recently, enter­prises have come to real­ize the down­side of such hasty dis­posal because, as Overly observes, email often con­tains much of the intel­lec­tual cap­i­tal and undoc­u­mented knowl­edge in a firm. Fowler adds that the law stip­u­lates reten­tion poli­cies must be imple­mented in good faith and that courts may see unrea­son­ably short reten­tion peri­ods as an attempt to shirk legal obligations.

Accord­ing to Par­mar, “Form­ing a sound doc­u­ment reten­tion strat­egy is the first and most impor­tant step in cre­at­ing a paper­less office envi­ron­ment.” How­ever, this can’t be an IT-only project because it touches all areas of the enter­prise. Accord­ing to Overly, as com­pa­nies tran­si­tion to a dig­i­tal work­place, issues of doc­u­ment man­age­ment, infor­ma­tion secu­rity, and legal and reg­u­la­tory com­pli­ance become inter­twined. Although IT is cer­tainly respon­si­ble for the enabling tech­nol­ogy and tech­ni­cal com­po­nents, Par­mar says the scope of doc­u­ment reten­tion pol­icy under­scores the need to assem­ble a diverse team to define, list, and cat­e­go­rize records; set reten­tion peri­ods; and develop pro­ce­dures for destroy­ing expired documents.

by Kurt Marko

Risks Of Not Hav­ing Or Fol­low­ing A Doc­u­ment Reten­tion Policy

• Inabil­ity to retrieve and pro­duc­tively use business-critical infor­ma­tion on a daily or his­toric basis

• Increased costs of doing busi­ness from inef­fi­cien­cies related to dis­parate or inac­ces­si­ble data

• Fail­ure to com­ply with statu­tory or reg­u­la­tory reten­tion and destruc­tion requirements

• Reduced abil­ity to com­ply with court orders and other litigation-related imper­a­tives requir­ing access to exist­ing information

• Inabil­ity to respond promptly to gov­ern­ment inquiries

• Hefty sanc­tions for fail­ing to preserve/produce elec­tronic evidence

Source: “Goals Of An Elec­tronic Doc­u­ment Reten­tion Pro­gram”; Pre­sen­ta­tion by Blake Marks-Dias, Rid­dell Wil­iams P.S.; June 2006.

Com­pli­ments of File­Man Research

To Sub­scribe to the File­Man Blog click here … http://www.carymcgovern.com/feed/

Best Per­sonal Regards,

Cary