Introduction: This is the third article in a series of short informational pieces relating to one of the hottest topics in litigation over the past five years - electronic discovery. The purpose of these articles is to provide your business entity with some guidelines on how to most efficiently organize to deal with electronic discovery. The articles will continue to be emailed regularly over the next few months. If you are new to our distribution, or if you would like to view previous articles in this series relating to ESI, visit our website.
Common sense tells us that an organization should not be required to keep all of its records (paper or electronic) forever. Fewer records kept means less overall cost and greater efficiency in searching and retrieving records. However, cost and efficiency are not the only relevant considerations in deciding what to keep and for how long, and there are often tensions between the various considerations. This article will discuss some of the relevant legal and business considerations for keeping or destroying records.
According to ISO (International Organization for Standardization) 15489, a "record" is defined as information created, received and maintained as evidence by an organization or person in the transaction of business or in the pursuance of legal obligations, regardless of media. A record includes information holding operational, legal, fiscal, vital or historical value. (See Resource #1)
Information and records are valuable strategic assets, storing information representing a wealth of institutional knowledge. Any document retention program should reflect the businesses' judgment of the value of its information and records. See Pub. Citizen v. John Carlin, 184 F. 3d 900, 910-11 (D.C. Cir. 1999) (Finding it appropriate under federal statute to allow agencies to maintain record-keeping systems in the form most appropriate to the business or the agency, reflecting the administrative, legal, research and other values.)
Common sense should also tell us that there is no generic information and records management policy appropriate for every entity. The value of information will vary greatly from organization to organization, and even within an organization. The retention of records in various divisions of the business might be different. There is no one size fits all policy and procedure. To be effective, the retention procedure must accommodate the different needs of the affected group.
A reasonable records retention policy takes industry practices and business judgment into consideration. It should never be forgotten that an organization's information records primarily exist to permit the organization to do business. The organization's need for information should be a significant factor in structuring its retention program. While some documents contain information which is deemed irreplaceable and must be indefinitely retained (archived), information and records that do not have such continuing value to the organization can be destroyed when the organization, in its business judgment, determines it is no longer needed. (See Resource #2)
Courts recognize that records destruction is a necessary, every day event. Federal Rule of Civil Procedure Rule 37 (f) provides a "safe harbor" for businesses that implement and utilize good faith policies and procedures for destruction of documents. Good faith usually exists where the policy and procedure is conducted in the regular course of business and where the policy and procedure is based on rational considerations of cost and benefit, whether the plan was applied consistently and whether there is a provision for the suspension of the plan when necessary.
In deciding what records to retain, the business should keep in mind who might be seeking the production of documents and in what situations. The more common requests for production of documents are by the government as part of its regulatory function or via civil or criminal investigation, an adversary in the litigation context, a third party subpoena, or (less likely) a Freedom of Information Act (FOIA) request.
In developing its record retention practies, the business should conduct thorough research into laws, rules and regulations that set out document retention requirements. Different categories of documents will have different retention periods; but, the default retention period for public records is permanent. Such research is best done by a lawyer, who is familiar with the industry and the specific business. However, there are a number of "off-the-shelf software packages" that, when combined with regular updates, can identify relevant retention statutes and regulations. Once the legal requirements have been ascertained, it is important that they be applied consistently. Inconsistency in the application of the procedures may create the impression of ulterior motive and imply improper conduct. (See Resource #3)
It is very important that the organization maintain its records relating to the development of the records retention program. This documentation should include copies of the training material and resources, as well as any documents reflecting changes to the policy or implementation of its provisions. Without such evidence, it may be difficult to establish that the policy is anything more than an ad hoc reaction to a particular situation, in which case the protections afforded good faith policies would be lost.
Most businesses have routine legal record keeping requirements that exist as a matter of course and that are not dictated by unique situations, such as litigation. Illustrative examples of these types of requirements are listed below. Of course, the illustrations are by no means complete. (A Google search of the term "records retention" resulted in 5.8 million hits.) As noted earlier, companies need to do or have their lawyer do an exhaustive search of legal sources to determine what requirements apply to them. For purposes of this article, some of these example requirements include:
- Sections 802 and 1102 of the Sarbanes-Oxley Act of 2002 (criminal penalties for destroying or concealing documents)
- The Securities and Exchange Commission has issued rules relating to the Retention of Records Relevant to Audits and Reviews, 17 CFR Part 21
State and Federal Regulatory Needs
- HIPPA - Health Insurance Portability and Accountability Act of 1996
- The investment industry is under a requirement to maintain for a specified period (3 or 6 years depending on the circumstances) all communications with certain investment customers.
State and Federal Statutory Needs
- The USA Patriot Act contains numerous document retention requirements.
- Every state has some form of document retention regime, driven in varying measure by the state's corporation, tax, employment, environmental and other laws and regulations.
- Instead of requiring the retention of records, The Federal Fair and Accurate Credit Transaction Act requires a business to destroy personal information of former employees and consumers before it is discarded.
- Personnel records normally should not be stored on company computers because of privacy concerns.
- Companies that do business in foreign countries have even more unique needs, for example, The Charter of Fundamental Rights of the European Union.
The Opinion of the United States Supreme Court in the Andersen Consulting case, Arthur Andersen v. United States, 544 U.S. 696, 704, 708 (2005), makes it clear that document destruction in the normal course of business is acceptable. The Court noted that document retention policies, which are created in part to keep certain information from getting into the hands of others, including the Government, are common in business. The Court also noted that it is not wrongful for a manager to instruct his employees to comply with a valid document retention policy under ordinary circumstances. "A knowingly corrupt persuader cannot be someone who persuades others to shred documents under a document retention policy when he does not have in contemplation any particular official proceeding in which those documents might be material." 544 U.S. at 708.
Thus, if a document destruction policy and procedure was developed in good faith and not for the purpose of destroying evidence relevant to litigation or investigation, it will be upheld. If a business has reason to anticipate that a claim might be made by a third party or an investigation might be conducted, it is obligated to suspend its document retention procedures, at least to the extent that it impacts the claims, i.e. it needs to make sure that relevant documents are not destroyed. This is called a "litigation hold", a topic that will be explored in our next discussion.
Even in situations where an organization is required to put a "litigation hold" on documents related to a specific case or specific issues, it is allowed to continue to implement its good faith document retention policy, i.e. document destruction, with respect to documents outside the litigation hold.
In conclusion, document destruction is not evil. Destruction is an acceptable stage in the information life cycle. An organization may destroy information when there is no continuing value or need to retain it. When a business adheres to a rational document retention policy in good faith and destroys documents without knowledge of the reasonable possibility of a claim, there will be no sanctions for following the policy. The development of a document retention policy often requires the services of legal counsel. (See Resource #4)
In the next Legal Watch Series: Preparing for E-Discovery newsletter, we will explore the important topic of litigation holds. Stay tuned!
About the Author
For more information or questions regarding E-Discovery and the Rules for Electronically Stored Information Management, contact Michael R. Palumbo.
Michael R. Palumbo focuses his practice on commercial and real estate litigation. Particular areas of experience include banking (UCC Articles 3 & 4) litigation; title insurance, escrow agent and Deed of Trust litigation; and quiet title, adverse possession, homeowners' associations and real estate agent disputes. He has participated in more than 50 trials in the Superior Courts of Arizona and District Court of Arizona, in most of which he was lead counsel. Mr. Palumbo can be reached at 602.262.5931 or email@example.com.
Resources Used for This Legal Watch
- Grenig, et. al, Electronic Discovery and Records Management Guide, §5: 2, p. 146, 2009 edition
- Grenig, et. al, Electronic Discovery and Records Management Guide, §4: 1, p. 101, 2009 edition
- Carlucci v. Piper Aircraft Corp., 102 F.R.D. 472, 485 (S.D. Fla. 1984)
- Federal Rule of Civil Procedure 37 (f) - "safe harbor" provision