Understanding the problem

Most companies have lost control of sensitive business data as a result of the popularity of small computer systems. The trade secrets, financial records and confidential memoranda that were once the province of a secure mainframe computer are now scattered across countless disks and tapes in every corner of the organization. This has made companies much more vulnerable to corporate espionage, the theft of trade secrets, and requests for electronic documents in litigation. Corporate attorneys must advise their clients to re-assert control over their information by developing and implementing data retention policies.

Selling the solution

A well-crafted, properly implemented data retention policy can have a huge return on investment. The benefits include:

Steps to success

Many companies start by forming a small committee with senior staff members from the legal, financial and computer support departments. After educating themselves on this issue, the committee members should assess their company’s risks. Policy development should be guided by these risks, and establish retention periods for each category of electronic documents (e.g. "electronic mail messages will be purged after 45 days"). Make sure the policy addresses the appropriate use of company electronic mail systems, how information will be destroyed, and how privileged records are segregated. It should also detail how electronic information is secured in the event of litigation.

Ironically, computers can become part of the solution with technologies that facilitate and track data retention practices. Computer support staff will be familiar with hierarchical storage management programs, operating system security features, and document indexing software that can help.

The policy committee should resolve potential conflicts with their company’s other computer-related policies. Their work must be consistent with regulatory requirements, any existing disaster recovery plan and e-mail and Internet usage policies. Lastly, they must evaluate the logistics of policy enforcement.

A successful policy will have the cooperation of senior management and be inaugurated with presentations for employees. A few hours might be set aside for employees to purge their computers of their own electronic archives. Periodic reminders can be issued from computer logon screens and new employees can be educated during orientation sessions.

Additional resources

Degan, Nancy Scott and Beh, Thomas M. "The Golden Needle in the Electronic Haystack: Electronic Messaging and Modern Litigation." The Practical Litigator, November 1998, p. 9

Lovell, Charles A. and Holmes, Roger W. "The Dangers of E-Mail: The Need for Electronic Data Retention Policies." Rhode Island Bar Journal, December 1995, p. 7