By Robert F. Copple -
In the course of my career as a lawyer, I've searched for old documents in an abandoned Colorado mine shaft, a forgotten building in the Puerto Rican jungle and in the garages of long-retired engineers.
I always found the papers. Now that we have computers, if the morass of digital data is mismanaged, finding information can be harder or impossible. Companies large and small can risk serious legal liability if they can't find something or if they saved something they wish they hadn't.
Because storing paper documents was burdensome and expensive, companies limited the papers produced and preserved. With electronic-data storage, it is quicker, easier and cheaper to save everything.
Some data you need to save. There is a growing collection of heavyweight federal and state laws, as well as international rules, that require companies to preserve data. The Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act and the Internal Revenue Service Code have strict requirements about saving documents.
The European Union Directives establish strict policies about the collection, transmittal and use of personal information that will apply to any foray into international commerce. Failure to abide by these regulations can bring severe consequences.
But if you save everything, you may be sorry. Electronic discovery can be debilitatingly expensive and may turn up difficult-to-explain documents or e-mails. Once litigation is foreseeable, disposing of potentially relevant data can result in court-ordered sanctions or even a default and judgment without even going to trial.
Examples of mistakes in saving or disposing of data abound. Enron went down, at least in part, because it illegally destroyed documents after litigation appeared on the horizon. We can't forget the Merrill Lynch e-mails in which brokers trashed the very stocks they were trying to sell to the public.
Businesses can create policies that will eliminate at least most of the potential liability associated with saving too much or too little data:
• Data should be discarded unless there is a good business and/or legal reason to keep it. Data should be preserved if it is potentially relevant to ongoing or foreseeable litigation. The goal is to comply with the law, but not to save more than required.
• A policy must be simple, not intricate to the point of dysfunction. Once a policy becomes too complex, employees will ignore it. At the beginning of the Internet boom, the National Security Agency created complex rules for transferring sensitive data from one employee to another. Rather than comply with the rules, employees discovered it was much easier to send data to each other as e-mail, bypassing the NSA systems. Strive for simplicity with broad categories (such as "tax records") and time (three- or 10-year retention).
• Rules must be consistent. Inconsistency in saving documents will create a taint of intentional wrongdoing. It's hard to explain why you discarded data for the first time just three days before being served with an antitrust complaint.
Enforcement must be simple and consistent. Use automated systems to dispose of unnecessary data and procedures for employees to deal with the documents that aren't picked up through automated systems. For example, you can control the size of employee mailboxes or use systems that automatically dispose of old e-mails.
Intel has established what amounts to a corporate holiday to dispose of unnecessary data and documents. Once a year, Intel holds "Pack Rat Day," when employees cleanse their paper and computer files.
IT professionals should not be exempt. By nature, they want to save everything - twice. For example, backup tapes can present an enormous glitch in a data-retention policy. Backup tapes are intended for one purpose: the emergency restoration of a computer system after a complete crash. Many businesses make the mistake of saving several sets of backup tapes as archives. This can create a nightmare of enormous litigation discovery costs if it is ever necessary to search those tapes. A company should limit itself to no more than two sets of backup tapes, which are consistently recycled at particular intervals (such as two weeks). This will make it unlikely that the backup tapes will ever be successfully demanded as a source of old and otherwise disposed-of data.
There is a particular way of thinking about resolving business and legal disputes called the 80/20 Rule that applies to managing data. Simply put, the 80/20 Rule suggests that 80 percent of any particular project can be accomplished with 20 percent of the effort. However, the remaining 20 percent of the project will require 80 percent of the effort. With an electronic data policy in place addressing 80 percent of the issues, a company will be better positioned to deal with the more difficult problems should a crisis arise.
Source: The Arizona Republic
