eDiscovery and Records Management

Corporate Records Management

Historically- Paper was the “Corporate memory”- a visible, physical entity. Original documents insured authenticity. Records Management policies were manageable.

Records Management- Digital Perspective

Records management is no longer visible. Digital information accounts for greater than 90%

of all records.The logical location of these stored electronic

records is controlled by computers. And, although, it may appear to be less costly to store digital information, it is important to develop meaningful retention policies.

Corporate Records Management

ARMA AIIM Surveys -2009 Survey -of 17,000 Businesses, Government agencies, non-profits and associations. •While 83% of organizations reported formal records management programs 24% still reported them as ineffective.

•25% of the record management programs did not address electronic records

•34% did not have a formal plan for discovery requests for records including litigation hold orders. 13% still did not include electronic records in their litigation hold procedures.

•47% did not have a formal email retention policy.

Corporate Records Management

ARMA AIIM Surveys -2009 Survey

Survey results have actually improved and show some significant action taking place. But they also reflect a continued weakness in the processes and systems for handling electronic records. Principle driver:The magnitude of litigation and the demand for regulatory compliance has brought the need to address records management to many companies.

Corporate Records Management

Objectives of a Sound Record Management program

• Preservation

• Compliance with Regulations & Statutes.

• Mitigate Legal Risk.

• Reduce Litigation and Discovery Costs.

• Enhance Knowledge Management and Increase Productivity.

Records Management- Preservation

• Anticipation of a Claim is all that’s required to trigger the duty to preserve potentially relevant evidence.

• Effective email preservation (or destruction) is difficult.

• Other issues that must be addressed:Hardware/software changes.Employee turnover. Work on home computers.Reminders to organization.Suspension of defragmentation, alteration, wiping etc.Responsive vs. Reactive preservation.

Records Management- Legal Holds

Litigation Hold Coordination- a litigation hold directs the organization or identified parties to segregate and protect from destruction certain documents and data that are, or arguably may be, relevant to a threatened or pending litigation.

Counsel must be sufficiently knowledgeable of their companies or clients electronic systems to identify any potential source of relevant electronic data.

Eight Steps to Defensible Legal Holds

1. Identify when the preservation obligation began.

2. Determine what ESI should be preserved.

3. Designate a Technical Authority.

4. Issue timely legal hold notices.

5. Confirm compliance with legal hold notices.

6. Document compliance with the legal hold process.

7. Actively monitor compliance with legal holds

8. Release the legal hold once the matter is concluded.

Corporate Compliance Legal Issues

Sarbanes-Oxley Act (SOX)Health Insurance Portability & Accountability

Act (HIPAA)Foreign Corrupt Practices ActGovernment BailoutsGramm-Leach Bliley ActFair and Accurate Credit Transactions Act of

2003 (FACTA)

<Insert Slide Title Here> Compliance with organizational policies, industry standards, local, & National Government laws and regulations dictate evolving retention periods for all types of Data including Emails.

Sarbanes-Oxley Act (SOX)

HIPAA

SEC 17 CFR Part 210 Florida Sunshine Law NASD 2860/3010/3110 FDA Electronic Communications and Transactions Act National Labor Relations Act Employee Retirement Security Act of 1974 Americans with Disabilities Act OSHA

Medicare Conditions of Participation Title VII of the Civil Rights Act of 1964

Over 6,000 State & FederalCompliancy Laws &

Regulations!

Corporate Compliance Legal Issues Accounting/reporting

fraud Anti-boycott Antitrust Conflicts of interest Consumer protection Discrimination/EEO Document retention E-Mail/Internet Use Environmental protection Export Control Foreign Corrupt Practices

Act Fraud prevention

Intellectual Property Money Laundering Insider Trading Protection of Confidential

Information Political contributions Lobbying Government contracting Product Quality Workplace Safety Gifts & Entertaining Privacy Harassment Executive Pay

Corporate Compliance Challenges

Capturing, maintaining, retrieving and protecting information in a consistent manner.

Creating a governance and approval process.Unstructured data v. structured data

– E.g. audio and video files.

Corporate Compliance- Technology Review

Legal should be involved with the corporation’s technology selection(s) to insure that it satisfies compliance requirements and will handle any necessary complexity. Additionally, they need to insure that standards and procedures are properly communicated to the organization.

Costs

Understand the cost of preservation vs automatic destruction policies.

Make sure that you establish methods to reinforce your policies and test their effectiveness.

Anticipate litigation.

Knowledge Management

From a legal perspective maintain your records so they can be updated and be useful for future needs or litigation.

Some of the questions you must answer for your client or company

Has relevant data been properly preserved? What is the time, difficulty, costs to recover and

retrieve relevant data? What business disruption will occur?

How can relevant data be identified and irrelevant or privileged data be sorted out?

How can this data be preserved to be used for potential future requests or other matters?

Changing Perspectives on Record

Management

Ignorance no longer a valid defense.e-Mail retention policies are difficult or impossible

to put in place.Sarbanes-Oxley requires compliance, yet is vague

in many areas.Cost shifting strategies and burdensome

arguments have a very low success rate.

Best Practices

Proactively prepare for future litigation.Map critical electronic data, systems and backup

media.Align Legal, IT and the Business.Disaster recovery strategies must no longer be

the only purpose of record retention.Create evidence management/ preservation

programs and publish, publish, publish

Example

Create the Retention schedule/ guidelines and publish to a employee handbook

Create a list of every department and division within the corporation and then within that department each major category of documents

Create a complete numbering system; i.e LEG-0110-020; representing the Legal Department, the Litigation division, and expense records

For LEG-0110-020 define the details for that record type electronic and paper life…i.e; online for 3 years, after that destroy, any events that could have an impact, etc.

Create a records retention manager and hotline for monitoring and answering immediate questions.