eDiscovery, Records Management and Records Retention

1
eDiscovery,Records ManagementandRecords
Retention
2
Records Management- Historical Perspective- Paper

• Historically- Paper was the Corporate Memory
  a physical entity driven by the need to retain
  items coupled with the availability of space to
  store them
• Insured authenticity (originals) and access.

3
Yesterday
1982 IBM PC XT 5.25 diskettes 128K RAM 10Mb Hard
Drive 5,545.00
4
Paperless Office
5
Records Management- Digital Perspective

• Records management is no longer visible.
• Digital information accounts for greater than 80
  of all records.
• The logical location of these stored electronic
  records is controlled by computers. And,
  although, it may appear to be less costly to
  store digital information, it is important to
  develop meaningful retention policies.

6
Paperless Office
7
Consider... A 2006 Survey (ARMA AIMM) of 17,000
Businesses, Government agencies, non-profits
and associations presented the following results

• While 87 of organizations had formal record
  management programs, over 32 of them were rated
  as ineffective .
• Over 43 of the record management programs did
  not address electronic records.
• 43 did not have a formal plan for discovery
  requests for records including litigation hold
  orders and 53 of them that did have litigation
  hold procedures did not include electronic
  records.
• 49 did not have a formal email retention policy.
• Impact of Sarbanes-Oxley Act on record management
  program has increased 56 since 2003.

8
Records Retention Policy

• Generally understood to mean a set of official
  guidelines or rules governing storage and
  destruction of documents or ESI. Such policies
  typically define different types of records, how
  they are to be treated under the policies for
  retention, the schedule for certain records
  depending on legal requirements, practical
  business or technical requirements

9
Goals of a Sound Records Management Program

• Preservation
• Compliance with Regulations Statutes.
• Mitigate Legal Risk.
• Reduce Litigation and Discovery Costs.
• Enhance Knowledge Management and Increase
  Productivity.

10
Litigation Holds Steps for Counsel

• Issue a Litigation Hold when?
• Re-Issue the Litigation hold periodically
• Identify and communicate with key players in
  personcommunicate clearly all requirements
• Identify and preserve all potentially responsive
  data

11
Preservation

• Anticipation of a Claim is all thats required to
  trigger the duty to preserve potentially relevant
  evidence.
• Effective email preservation (or destruction) is
  difficult.
• Other issues that must be addressed
• Hardware/software changes.
• Employee turnover.
• Reminders to organization.
• Suspension of defragmentation, alteration, wiping
  etc.
• Responsive vs. Reactive preservation.

12
Compliance and Risk Mitigation

• Sarbanes-Oxley.
• HIPAA.
• Gramm-Leach-Bliley
• The potential implications of Zubulake

13
ltInsert Slide Title Heregt
Compliance with organizational policies, industry
standards, local, National Government laws and
regulations dictate evolving retention periods
for all types of Data including Emails.

• Sarbanes-Oxley Act (SOX)
• HIPAA
• SEC 17 CFR Part 210
• Florida Sunshine Law
• NASD 2860/3010/3110
• FDA
• Electronic Communications and Transactions Act
• National Labor Relations Act
• Employee Retirement Security Act of 1974
• Americans with Disabilities Act
• OSHA
• Medicare Conditions of Participation
• Title VII of the Civil Rights Act of 1964

Over 6,000 State Federal Compliancy Laws
Regulations!
14
Costs

• Understand the cost of preservation vs automatic
  destruction policies.
• Make sure that you establish methods to reinforce
  your policies and test their effectiveness.
• Anticipate litigation.

15
Knowledge Management

• From a legal perspective maintain your records so
  they can be updated and be useful for future
  needs or litigation.

16
Some of the questions you must answer for your
client or company

• Has relevant data been properly preserved?
• What is the time, difficulty, costs to recover
  and retrieve relevant data? What business
  disruption will occur?
• How can relevant data be identified and
  irrelevant or privileged data be sorted out?
• How can this data be preserved to be used for
  potential future requests or other matters?

17
Changing Perspectives on Record Management

• Ignorance no longer a valid defense.
• e-Mail retention policies are difficult or
  impossible to put in place.
• Sarbanes-Oxley requires compliance, yet is vague
  in many areas.
• Cost shifting strategies and burdensome arguments
  have a very low success rate.

18
Best Practices

• Proactively prepare for future litigation.
• Map critical electronic data, systems and backup
  media.
• Align Legal, IT and the Business.
• Disaster recovery strategies must no longer be
  the only purpose of record retention.
• Create evidence management/ preservation
  programs and publish, publish, publish

19
Example

• Create the Retention schedule/ guidelines and
  publish to a employee handbook
• Create a list of every department and division
  within the corporation and then within that
  department each major category of documents
• Create a complete numbering system i.e
  LEG-0110-020 representing the Legal Department,
  the Litigation division, and expense records
• For LEG-0110-020 define the details for that
  record type electronic and paper lifei.e online
  for 3 years, after that destroy, any events that
  could have an impact, etc.
• Create a records retention manager and hotline
  for monitoring and answering immediate questions.

20
Arthur Andersen v. United States

• Enron Why was Arthur Andersen charged?
• Knowingly, intentionally and corruptly persuaded
  Enrons employees to withhold or destroy
  documents for use in a criminal regulatory
  investigation

21
Rambus, Inc v. Infineon Technologies, Inc.

• Rambus v Infineon Through depositions Infineon
  claimed Rambus doc retention policy resulted in
  the destruction of relevant docs to this patent
  litigationbut if Rambus had a documented
  retention policywhy couldnt they destroy docs
  under that program?
• Rambus was going to start initiating these patent
  infringement litigations and therefore their
  retention policy was found to be not legitimate

22
The Paperless Office