5.1 - Document Retention Policies In An Era Of Heightened Awareness to Corporate Governance Practices & Frequently Asked Questions


October 2003

This paper answers frequently asked questions regarding document retention policies. The answers are based on a review of the law and commentary. References to court opinions, court rules, statutes, and other support for the statements expressed herein are presented in the Endnotes.

A. Introductory Questions

1. What is a document retention policy?
A document retention policy is a written policy designed to ensure that the recorded communications of an organization are managed in an effective, efficient, and lawful manner. As used in this memorandum, a document retention policy must set forth, at a minimum:

(1) The types of documents that must be retained by an organization;
(2) The time periods for which particular types of documents must be retained; and
(3) How the policy is to be administered, including who will be responsible for its administration.

2. Is there a difference between a document retention policy and a document destruction policy?
Occasionally, document retention policies are referred to as document destruction policies. As defined in this memorandum, a document retention policy sets forth the documents that must be retained by an organization. This memorandum discusses the circumstances under which a document retention policy may also require documents to be discarded.

3. Why should a document retention policy be adopted?
There are several benefits to adopting and following a document retention policy:

(1) The organization will possess the documents it needs for business, regulatory, legal, and business continuity purposes.

(A) An organization’s documents provide a record of its business activities, policies and decisions, both past and present.

(B) The information contained in such documents may reflect a significant investment which, if properly stored and leveraged, can significantly enhance the organization.

(C) Employees of the organization may be able to reduce the time required to find the documents needed to perform their functions.

(D) A document retention policy may be integrated with a policy and procedure to back up critical business records in the event of a catastrophe. Insurance companies increasingly are requiring public companies to undertake such business continuity planning, and may reduce insurance premiums if effective policies are adopted. Independent auditors and Audit Committees also may inquire into the existence of business continuity plans. Moreover, as several leading broker-dealer firms discovered after their hard copy customer records were destroyed in the September 11 tragedy, not being able to restore critical documents may run afoul of regulatory requirements.

(2) As discussed below, a good document retention policy will require the retention of all relevant documents when an organization becomes aware of a reasonable probability of lawsuit or government investigation.

A. If the policy is successfully followed and relevant documents are retained, this reduces the probability that document retention issues collateral to the merits will arise. In the civil context, the sanctions from the failure to retain documents include paying an opposing party’s attorneys fees, adverse evidentiary presumptions, exclusion of evidence, adverse jury instructions, default judgment, and collateral charges arising from document retention issues. In some cases, even a negligent failure to retain or produce documents on a timely basis may result in sanctions. There also can be criminal sanctions, as discussed below.

B. Should a document not have been retained, the adoption of a document retention policy is a factor courts may consider in deciding whether and how the organization may be sanctioned, in both the civil and criminal contexts.

(3) Employees will be allowed (and may be required) to discard documents that need not be retained. This allows the organization to save space otherwise used to store documents.

4. Who should adopt a document retention policy?
Any organization subject to any legal requirement to retain documents should adopt a document retention policy. This will allow the organization to insure that it complies with these requirements. Independently, all public companies should adopt a document retention policy, as an element of good corporate governance practice. Moreover, for public companies listed on an exchange or NASDAQ, the Sarbanes-Oxley Act requires the retention of some particular categories of documents: confidential whistleblower complaints; documentation to provide reasonable support for management’s assessment of the effectiveness of the issuer’s internal control over financial reporting; and a manually signed signature page or other authenticating document for the Section 906 certification, which must be retained for a five-year period. (The latter two categories are discussed in Section B (7) below).

5. When should a document retention policy be adopted?
Sooner is better than later, but not immediately after an organization becomes aware of a lawsuit or government investigation. At such times, the organization should take the inclusive litigation-related document retention measures set forth below. The organization should wait until it is certain that all relevant documents have been preserved to adopt a more comprehensive document retention policy, to avoid creating an inference that the policy was adopted for the purpose of discarding documents relevant to the lawsuit or investigation.

6. Can there be criminal consequences from the destruction of relevant documents?
Yes. In addition to the federal obstruction of justice statutes, there are new crimes arising from the knowing and willful destruction or alteration of documents created by the Sarbanes-Oxley Act. It is now a crime to knowingly destroy, alter, or falsify documents and other records in federal investigations and bankruptcy, at penalty of up to 20 years imprisonment. The Act also added a new offense making it a crime to knowingly and willfully violate new requirements to preserve corporate audit records, at penalty of up to 10 years imprisonment. The Act also amended the witness tampering statute, making it a crime to corruptly alter, destroy, mutilate, or conceal documents with the intent to impair their integrity or availability in an official proceeding, at penalty of up to 20 years imprisonment.

B. Contents of Document Retention Policies

1. How should a document retention policy be written and approved?
The policy should be written by legal counsel, in consultation with representatives of senior management and the organization’s MIS (management information systems) Department:

  1. Legal counsel will be able to ascertain the statutory and regulatory retention obligations applicable to the organization.
  2. MIS Department input and approval is critical given the overwhelming significance of electronic documents, and any potential need to design MIS systems to implement document retention needs. This does not mean that an organization’s internal MIS Department need implement and operate the organization’s electronic document retention systems and policies; both small organizations (for lack of internal expertise) and large organizations (due to the size of the task) may choose to outsource the creation and/or maintenance of document retention systems.
  3. When document retention shortcomings are discovered in litigation, on some occasions, it is senior management that is called to task. In addition, senior management will be able to direct legal counsel and/or the MIS Department to business unit managers or their designees, who can identify the business processes and retention needs of the business units. The International Standards Organization regards the collection of this type of information as essential to the creation of a records management policy.
    In light of the increasing significance of document retention and business continuity planning, at least for public companies, there is a good argument that a document retention policy should be approved by the organization’s Board of Directors or a corporate governance committee thereof.


2. Should all organizations adopt the same document retention policy?
No. Organizations may be subject to statutory or regulatory obligations particular to their business. Some (but not all) of these obligations are listed in Appendix B. Moreover, the size, sophistication, and computer system architecture of a particular organization must be taken into account in creating its document retention policy.

3. Are there general principles that should inform a good document retention policy?
Yes. While a one-size-fits-all document retention policy does not exist, all policies should reflect certain general principles:

(1) The policy should focus first on the documents to be retained, and then on the documents to be discarded. Almost every organization is subject to regulations requiring documents to be retained. In addition, most organizations will decide that it is desirable to retain other documents for business purposes. For example, most businesses that enter into contracts will want to retain a copy of the contracts for as long as they are in effect.

Thus, there are ample reasons for organizations to take affirmative steps to insure that certain documents are retained. Most commentators assume that there are just as many reasons for reason for organizations to take affirmative steps to insure that documents are discarded. For example, one commentator advises, “perhaps the most important component of a document retention plan is the systematic disposal of documents that have outlived their usefulness.” The International Standards Organization, which certainly is an experienced policy making body, advises that organizations should institute a records management program “ensuring that records are retained for only as long as needed or required.” Such advice is given based on perceived needs to save physical or computer space used to store documents, limit the number of documents to be produced in discovery, or preserve only a limited documentary record of an organization’s business.

To be certain, it is not practical for an organization to forever retain all documents ever created. Moreover, it will be easier for an organization to find the documents it needs if they are not lost in a stack of documents that it does not need. However, these imperatives need not require an organization to adopt a policy to systematically discard documents. Rather, organizations should ask whether the goals of saving space and finding important documents can be achieved by requiring the retention of certain types of documents that must be retained for one reason or another, and allowing (but not requiring) members of an organization to discard documents outside these categories if such documents have “outlived their usefulness,” i.e., are not necessary to conduct the business of the organization. This may be combined with a system to archive electronic documents, so that the organization is certain that copies are retained in the event litigation arises.

The principal benefit of a document retention policy that does not require documents to be discarded is that the enforcement of such a policy does not present the appearance of an intent on the part of the organization to discard documents for improper purposes (i.e., avoiding their disclosure in litigation). Recent events prove this to be an important benefit. A secondary benefit of a document retention policy that does not require documents to be discarded is that such a policy is easier to enforce. As the size of an organization increases, the implementation of a literal mandate to “systematically” discard documents becomes increasingly expensive. Moreover, as discussed below in the section on Electronic Documents, as a practical matter, it is difficult if not impossible to discard all copies of electronic communications.

If, however, an organization has systematic difficulties and cost concerns with the piling up of unnecessary documents, it may choose to take affirmative measures to require periodic discarding of documents that need not be retained. In addition, there may be specific types of documents that cannot or should not be retained as a matter of law. For example, if an employee has downloaded inappropriate material from Internet sites, and it is against policy for such material to be accessed using the organization’s computers, the material should be discarded, unless there is a litigation-based requirement to retain it. There also may be contractual obligations to discard documents.

In the final analysis, we largely agree with the International Standards Organization that any document destruction should be authorized. That is, if a document retention policy will require that documents be discarded, the policy should state the business or legal purposes for the requirement. And, as discussed immediately below, no relevant documents should be discarded if an organization is aware of the reasonable probability of a lawsuit or government organization.

(2) The policy should state that it is the policy of the organization to retain all documents relevant to a lawsuit or government investigation as soon as the organization becomes aware of a reasonable probability of such lawsuit or investigation. Once a party to a pending civil lawsuit or government investigation has notice of the proceeding, it has a duty to preserve all materials relevant to that proceeding, in their original form. However, a legal obligation to preserve documents may arise before this point: specifically, when a lawsuit or investigation is reasonably foreseeable. (Within the scope of “government investigation,” organizations should include nominally private entities that have been delegated regulatory authority by the government; for example, the New York Stock Exchange and the National Association of Securities Dealers.) There may also be statutory triggers to preserve documents. Courts also may enforce document preservation demand letters sent by an adverse party in litigation. And one court sanctioned a company for its senior management’s failure to distribute a general document preservation order entered by the court. Furthermore, the organization need not be a formal party to the lawsuit or investigation for a retention obligation to arise. To take the most celebrated example, Arthur Andersen was convicted of destroying documents because one of its attorneys sent a reminder to implement the document retention policy (which required discarding documents) three days after she had noted that an SEC investigation of Enron (not Arthur Andersen) was “highly probable.”

We recognize that it may be very difficult to determine when there is a reasonable probability of a lawsuit or investigation. The mere possibility of future litigation does not create a duty to retain documents. Rather, an obligation to retain relevant documents arises when there is some communication from a potentially adverse party or investigative agency to the effect that a lawsuit could or would be filed.

By enunciating its intention to comply with these obligations in its formal document retention policy, the organization makes it absolutely clear that enforcing its policy means preserving documents, not discarding them, in the event of litigation or investigation – thus avoiding the problem that toppled Arthur Anderson. This also will place the organization in a better position if, contrary to policy, the policy was not completely followed.

(3) Retention should not be based on the perceived harm that the contents of a document would cause to the organization if it was disclosed. Organizations may be tempted to draft document retention policies (or practices) based on a purpose of retaining only those documents whose contents are perceived to be favorable to the organization, and discarding those documents perceived to be harmful to the organization. We do not think that such a purpose should underlie a document retention policy, for several reasons:

First, it may harm an organization in litigation if is document retention policy reflects an intent to discard documents for improper purposes. A prominent commentator on electronic discovery agrees with this assessment. Especially once a lawsuit or investigation has been commenced, it does not pay to be clever in terms of document retention.

Second, there are limits on the ability to assess which documents will prove to be harmful to an organization. Put in other terms, we do not think it is possible to foresee what documents will be necessary to an organization’s defense or prosecution of litigation. For example, an e-mail document that discusses potential issues with a company’s financial statements may appear to be harmful, but in the end may prove valuable as evidence that the company discussed and considered those issues in preparing its financial statements.

Third, as discussed below in the section on Electronic Documents, as a practical matter, it is difficult if not impossible to discard all copies of electronic communications.

Fourth, a thorough pursuit of a policy to retain only those documents whose contents are perceived to be favorable to the organization may distract from the core business of the organization.

4. What other elements should be included in a document retention policy?
General principles underlying an organization’s document retention policy should be stated in a preamble. Additional elements of the policy include the following:

  1. A schedule describing the types of documents that must be retained, the time periods for which each type of document must be retained, and how each type of document must be retained.
  2. A description of the measures to be taken once the organization becomes aware of the reasonable probability of a lawsuit or government investigation. At a minimum, the policy should state that should such circumstances arise, there will be a communication describing the measures to be taken.
  3. Any other retention (or non-retention) obligations. For example, if an organization chooses to require employees to periodically discard documents that are no longer necessary to be retained, this should be stated in the policy.
  4. The name(s) of the person(s) in the organization to which any document retention question should be addressed.
  5. As with any organizational policy, the date of the policy.

A sample Document Retention Policy is presented as Exhibit A to this memorandum. However, as noted above, an organization’s actual policy should be developed by legal counsel in conjunction with senior management and the organization’s MIS Department. The sample policy is included to set forth principles and language that will be used in most policies.

5. What other elements may be integrated with a document retention policy?
As noted above, a document retention policy may be integrated into an organization’s business continuity planning. A document retention policy also may be integrated into policies regarding employees’ use of the organization’s computers. For example, employees may be informed that the organization’s e-mail system is company property and may be used solely for business purposes, and that electronic mail messages and downloaded files may be archived by the organization as part of the document retention policy. This knowledge may discourage employees from sending inappropriate messages or downloading inappropriate files. A document retention policy also may be integrated into employee training on the contents of e-mail messages, as discussed below. A document retention policy may be integrated into policies restricting access to particular types of documents. Finally, a document retention policy may include a discussion of the rationale for retaining particular documents for particular lengths of time. However, including such a discussion will lead to a longer and more complicated policy.

6. Apart from legal or regulatory obligations to retain documents, what other principles should be used to determine how long documents must be retained?
Organizations should consider the following principles:

(1) A document retention policy should require documents to be retained as long as they are needed to conduct the business of the organization. For example, contracts should be retained so long as they are in effect (and most commentators also advise retaining them for an additional period, equal to the statute of limitations for a breach of contract action). Some commentators further opine that documents should not be saved any longer than they are needed to conduct the business of the organization. As noted above, a document retention policy may or may not instruct employees to discard documents that are no longer needed.

(2) A document retention policy should attempt to forestall a situation in which the only documents pertinent to a significant transaction or event are possessed by persons outside of the organization. For example, in the event of a dispute between a vendor engaged in an ongoing sales or service relationship with a client and the client, it would not benefit the vendor if only the client possessed a document record of the ongoing relationship. To cite another example, regulations mandated by the Sarbanes-Oxley Act will require auditing firms to retain certain records of their public company audits and reviews for seven years. Public companies do not benefit if the only documentary record of what occurred in the audits and reviews is possessed by their auditors.

(3) Transaction-related documents should be retained for at least as long as the statute of limitations period for legal claims that could arise out of the transaction.

7. Are there particular types of documents that most organizations will need to address in their document retention policies?
Yes. All organizations need to retain tax and employment records for at least some length of time. Moreover, public companies should pay particular attention to retaining documents created in the course of preparing their financial statements, as well as the audits and reviews of those statements. Indeed, as of August 14, 2003, the SEC’s interpretative rules regarding Section 404 of the Sarbanes-Oxley Act require an issuer to “maintain evidential matter, including documentation, to provide reasonable support for management’s assessment of the effectiveness of the issuer's internal control over financial reporting.” The SEC also required retention of a manually signed signature page or other authenticating document for the Section 906 certification, which must be retained for a five year period.


C. Electronic Documents

1. What are electronic documents?
Broadly speaking, “electronic documents” encompasses more than just e-mail. It covers a wide variety of electronic information such as files created by word processing, spreadsheet, and other commonly used applications; databases; and files stored in personal digital assistants and other ancillary storage devices – all of which may be discoverable in litigation.

2. How significant are electronic documents?
Extremely significant, quantitatively, qualitatively, and legally:

Quantitatively, it is estimated that 93% of all documents are in electronic form. In a large organization, billions of bytes of electronic information may be created over a period of time. When it comes to document retention, then, “documents” means “electronic documents.”

Qualitatively, electronic documents are different than hard copy documents in several respects. First, electronic documents are easy to create, modify, and disseminate. Second, and as a corollary proposition, in any networked computer system, there is a high probability that at least one iteration of a document will be preserved. This is because when electronic files are transmitted from computer to server to computer, as well as to recipients, there are more opportunities for one nexus in the chain to retain a copy. Third, electronic documents often contain, in addition to their formal contents, “metadata” – that is, information regarding the creation and characteristics of the document. For example, an electronic spreadsheet may contain the name of the person who created the file, and when it was most recently edited. Metadata may be discoverable, although this is an open question. Fourth, it is probably easier to manipulate electronic documents than it is hard copy documents. For example, a knowledgeable person may be able to forge e-mails or alter word processing files. This raises issues as to the authenticity of electronic documents, whether they are proffered in litigation by an organization or its adversary.

Legally, there is a trend for courts to require the production of electronic documents, or at least early discussion between parties as to the scope of production. Moreover, electronic documents increasingly are regarded as the source of the most highly probative evidence.

As a result of these factors, electronic documents present unique difficulties, which a document retention policy must take into account. Put simply, an organization may create a very large volume of electronic documents; and as at least one copy of all of those documents is likely to exist somewhere, a demand to produce electronic documents in litigation (which may be expected given the perceived probative value of e-mail messages) can be difficult and expensive to comply with.

3. Can an organization rely on the existence of hard copy printouts of e-mail messages?
No. First, it is difficult to ensure that all e-mail messages that may be needed by the organization have been printed out. Second, production of hard copies alone may not satisfy discovery obligations.

4. Are there technological solutions to the difficulties presented by electronic document retention?
Yes. These solutions rely on a distinction between backup systems and archive systems. Backup systems are designed to save most if not all of the electronic files of an organization’s computer system, so that the files can be restored in the event of a catastrophe in order to allow the business of the organization to continue. Most organizations have backup systems for business continuity purposes. The dilemma is that if e-mail files are saved only on backup tapes, the presence of the large volume of other files on the tapes may make it difficult to search for particular e-mails for litigation purposes. Archive systems, in contrast, are designed to save only those documents specified by the organization, and may be designed to save e-mail and applications files in a manner that facilitates searching and retrieval in the event of litigation.

If a organization saves documents in an archive system, then it may save time and expense in producing documents in litigation from that system, and may be able to persuade a court that it need not also search and produce from backup systems. An archive system also may confer other benefits:

  1. It allows an organization to find e-mails it may need in a non-litigation context.
  2. It may help resolve authenticity issues by identifying spurious or forged electronic documents proffered by an adversary of the organization (where such files cannot be found in the archive system), and by providing a basis for the organization to proffer electronic documents that are in its archives.
  3. It may reduce the costs of electronic discovery, as attorneys may not need to print out and review a large volume of electronic documents if they can more selectively search for and review the database of electronic documents.
  4. It may help in identifying privileged documents, which must be retained even though they are not produced; and hence reduce the risk of an inadvertent disclosure of privileged communications.

In considering a technological solution, an important principle to remember is that organizations have only a limited ability to anticipate technological change. Electronic documents are created in a particular computer environment and maintained in a particular medium. However, by the time it comes to collect, review, and produce electronic documents, that medium or the computer environment may no longer be used by the company, or (if the time span is long enough) by anyone.

5. What about damaging e-mails?
Everyone is familiar with e-mail messages that have come back to haunt their authors. For the reasons explained above, in any networked computer system, there is a high probability that at least one copy of an e-mail message will be preserved. This factor alone – that is, the practical impossibility of complete deletion – counsels organizations to forego attempting to control the contents of e-mail messages once they have been disseminated, in favor of management on the supply side.

Employees should be informed that the contents of e-mail messages may be preserved for eternity, notwithstanding the apparently ephemeral nature of such communications; and that as a result, care should be taken to insure that any messages reflect the opinions and knowledge of the author and, to the author’s knowledge, the organization, and do not jump to unwarranted legal conclusions or assumptions. Organizations also may consider training employees to respond to inaccurately derogatory e-mail with counter-messages. For example, if an employee receives an e-mail message that misrepresents the facts, the employee may send a reply message setting forth the accurate facts. By doing so, there will be a record of the employee’s objection to the original message.

6. If there is litigation and electronic documents are demanded to be produced, who pays for the costs of retrieving and producing them?
Courts have considered this question in earnest in the last three years. Prior to that time, some courts had placed the costs of production entirely on the producing party, on the basis that the party had chosen to store information electronically. Today, however, most courts recognize that electronic information is a necessity, not an option. Many courts have required the requesting party to pay for the costs of finding and retrieving potentially responsive electronic documents, while rendering the producing party responsible for any costs of screening for attorney-client privilege or content prior to production. Other courts have designed multifactor tests to determine when a requesting party must pay for the costs of production. A further approach is to use sampling. Courts may allow a requesting party to retrieve electronic documents from a small sample of the larger set of electronically stored information, at the cost of the producing party, to test whether the benefits of the information that may be retrieved justifies the costs of further searching and retrieval. The costs of electronic document production also are being addressed by statutes and court rules.


7. Is there an obligation to save and produce “deleted” files once a lawsuit has been commenced?
The term “deleted” is in quotation marks because in many computer systems, files that are marked to be “deleted” by the user are not physically removed from the storage medium (e.g., the hard disk). Rather, the reference to such files is removed from the system, such that they cannot be found in a normal search for files (a directory); but the contents of the files remain on the storage medium until the medium is reformatted or another file is overwritten to that space. There are computer programs that allow experts to find the “deleted” files on the storage medium and restore (“undelete”) whatever portions of the files that have not been overwritten. Thus, in theory, files that have been “deleted” may still exist, and a requirement to retain all relevant electronic information may encompass deleted files. As a practical matter, however, there are only two ways to insure that “deleted” files are preserved: create an exact duplicate of the storage medium, which is a costly enterprise as the number of media (hard disks) increases; or “freeze” the storage medium by prohibiting the writing of new files that may overwrite “deleted” files, an option that renders the storage medium unusable.

There is no definitive answer to this question. Two federal courts held that deleted files are discoverable, which would imply that they must be retained once an organization becomes aware of a reasonable probability of a lawsuit or government investigation. However, the American Bar Association’s model discovery rules state that recovery of deleted files normally is not required; and certain civil discovery rules sanction discovery of electronic documents to the extent this is reasonable, which implies that an unreasonable obligation to freeze all storage media in order to preserve deleted documents is not required. If, however, there is an allegation in a lawsuit or government investigation that relevant electronic documents were deleted, an organization should consider undertaking measures to find and preserve the deleted documents, as in that case they are particularly relevant. In any event, it is very important that any attempt to “undelete” files be undertaken by an expert.

8. If there is litigation, is there an obligation to retain electronic documents stored on the employees’ computers used at home?
There may be. The scope of a discovery request to an organization extends to documents in the possession, custody, or control of the organization. If the organization supplies computers for employees to use at home, it may be argued that those computers are in the organization’s control, and hence that relevant documents stored on them must be retained and (if requested) produced.

D. Administration of Document Retention Policies

1. How centralized should the administration of document retention policy be?
As noted above, there is considerable centralization in the creation and adoption of a document retention policy. In the normal course of business, however, an organization must rely on its employees or other members to enforce a document retention policy (like any other policy), and employees should be informed that they will be expected to adhere to and implement the policy. Opportunities to exert centralized control exist in training and audit functions, as discussed below. Moreover, when litigation-related preservation document retention obligations arise, the degree of centralization in administration should increase, given the significance of that context and the statement of some courts that it is senior management’s responsibility to undertake document retention measures. Finally, as a related point, there should be a representative of the MIS Department, reporting to Finance or Administration, that serves as the Document Retention Administrator, as the guardian in charge of the policy and its administration.
Organizations may be tempted to adopt different document retention policies for different business groups or geographical entities within the organization. We do not think this is advisable, any more than it would be prudent to adopt different ethical policies for different subgroups in the organization. Rather, if subgroups have different legal or practical document retention requirements, they should be reflected in the document retention policy adopted by and for the organization as a whole.

2. What should happen if the organization becomes aware of a reasonable probability of a lawsuit or government investigation?
In the type of document retention policy suggested in this memorandum, an organization will have stated from the outset, as an ongoing and constant principle, that its policy is to retain all documents that may be needed for a lawsuit or government investigation as soon as the organization becomes aware of a reasonable probability of such lawsuit or investigation. Consistent with this policy, as soon as possible following the point in time at which an organization becomes aware of a reasonable probability of an actual litigation or investigation, the organization should send a memorandum to all members of the organization to preserve (retain) all relevant documents. Usually, legal counsel prepares this memorandum, because it has the expertise to assess the pending or potential lawsuit and describe the types of documents that must be retained. The memorandum should come from the organization’s Chief Executive Officer, Chief Financial Officer, or other very senior official, in order to demonstrate the importance of preservation.

Most commentators then advocate the creation of a Litigation Response Team to insure that relevant documents are retained and (if requested) produced. Such a team usually includes the general counsel; a high-ranking administrative person (such as the Chief Financial Officer or her designee) who will serve as the ongoing contact with the organization’s outside counsel; and at least one representative of the MIS Department.

3. What other administrative functions and procedures should be practiced?
There are at least three: training, auditing, and ongoing administration.

  1. Training. As noted above, organizations would be well advised to consider training employees in the creation and implications of e-mails. This would provide an excellent opportunity to also inform employees of the document retention policy, discuss that policy, and go through a sample document retention exercise. In the alternative, document retention policy training may be supplied as part of the orientation of new employees.
  2. Auditing. As with any organizational policy, an organization should audit compliance with the document retention policy. This may take the form of random periodic inspections or, if necessary, mock litigation exercises.
  3. Ongoing administration. As with any policy, a document retention policy should be periodically reviewed to insure that it reflects current business needs. In connection with this process, employees may develop useful suggestions on what types of documents should be retained to maximize the productivity and effectiveness of the organization. The document retention policy itself should encourage employees to provide these suggestions to the Document Retention Administrator, so that the Administrator, in conjunction with legal counsel and the MIS Department, may consider whether to revise the policy to adopt the suggestions.
    The International Standards Organization also suggests that records management systems should provide and maintain audit trails or other methods to track completed disposition actions. We think that as a practical matter, it will not be possible to document every instance in which documents are discarded. A document retention policy itself will provide documentation of the time periods in which documents are retained and (if it is in the policy) discarded. If, however, there is a periodic exercise in which an organization undertakes to discard unnecessary documents (e.g., the traditional “Spring cleaning”), the purposes of the exercise should be documented, as well as the detailed efforts to ensure that the event does not result in the discarding of any documents relevant to any pending or reasonably foreseeable lawsuit or government investigation.
    In addition, the MIS Department should maintain a log of any changes to the personal computers assigned to employees, including when a computer was returned by a departing employee and the new employee to which the computer was assigned. Before transferring the computer (or discarding it, if it is not to be used again), if there is any information on it that must be retained under the organization’s document retention policy, this must be attended to.

APPENDIX A
Sample Document Retention Policy
Date: ____________
Preface
It is the policy of this organization:

  • To retain all documents relevant to a lawsuit or government investigation involving the organization as soon as we become aware of a reasonable probability of such lawsuit or investigation. A “reasonable probability of a lawsuit or investigation” does not mean that we believe that we violated any law, breached any contract, or injured any person. Rather, it is a point in time at which legal duties to retain documents may arise, and it is our policy to comply with such duties.
  • To comply with all other legal and regulatory duties to retain documents.
  • To possess all documents needed for our normal business purposes, including administration of our ongoing relationship with our customers.
  • To insure that we may recover from a natural disaster, catastrophe or emergency by restoring backup copies of the documents needed to conduct our business.
  • Therefore, the organization directs and expect all employees to follow the rules and procedures set forth below. Please be aware that “documents” includes not only documents in paper form, but e-mail messages and all other forms of electronically stored information. Also be aware that the rules and procedures apply to all computers and other electronic devices provided to you by the organization for use in the business of the organization, regardless of whether those computers or devices are used on the organization’s premises or elsewhere.

Rules and Procedures
If you personally become aware of a reasonable probability that the organization will be involved in any matter in a lawsuit or a government investigation, or if and when you are informed of this by <the Document Retention Administrator, do not discard any documents relevant to the subject matter of the lawsuit or investigation. You will be informed of the specific types of documents that are relevant and must be retained for these purposes by <the Document Retention Administrator. Until that point in time, do not discard any document that may be relevant without the written approval of <the Document Retention Administrator. If in doubt, save the document.
In all other circumstances, you must retain the documents listed on Schedule A for the periods of time set forth on that schedule. The schedule reflects our legal obligations and business reasons for document retention. If you are aware of any other reason why particular types of documents should be retained, please retain them, and inform <the Document Retention Administrator about what you are retaining and why.

Administration
This policy will be provided to all new employees as part of the organization’s orientation and training. You should expect that from time to time, the organization will review your compliance with this policy. Violation of the policy may result in disciplinary action, up to and including termination.

Provided By DLA Piper

Back to Table of Contents