Data, Data Everywhere
How to Manage the Minefield of Electronically Stored Information“They say I’m old-fashioned, and live in the past, but sometimes I think progress progresses too fast!” — The Lorax, Dr. Seuss
We live and work in a digital age. More than 89 billion corporate e-mails are sent and received each year, and more than 300,000 pages of text can be stored on one computer alone.
Electronically stored information (ESI) comes in a multitude of different file types and formats, including, but not limited to, e-files or electronic documents that exist on a user’s hard drive, a network drive, or a document management system; word-processing documents, such as Word or RTF; PowerPoint presentations and Excel spreadsheets; graphic files, such as PDFs, TIFs, or JPEGs; web pages or web-based data; video or sound files; server or web based e-mail; and Outlook/Exchange. ESI may be stored duplicatively as well; for example, an e-mail may be stored in Outlook and on that same user’s BlackBerry or iPhone.
The volume of ESI continues to grow and multiply rapidly just in the course of ordinary business operations. Because of the sheer and ever-expanding volume of ESI, storing and managing it can be extremely overwhelming, costly, and burdensome for businesses. Yet, not properly storing and maintaining certain ESI may present legal liabilities.
To ensure that necessary ESI is being maintained and that unnecessary ESI is being purged, companies should implement a comprehensive document retention-and-destruction policy that specifically addresses ESI. Presently, many companies may not even have a formalized written plan that describes how and where their paper documents will be stored and when they will be destroyed, let alone addresses the storage and destruction of ESI. In fact, since having such a policy is not mandatory, for many companies, less-formalized standards, which have not been memorialized in writing, have evolved over time as a matter of practice.
Establishing a written comprehensive document retention-and-destruction policy is a best practice for two primary reasons: legal compliance and legal defense. In our digital age, because many documents are electronically stored, establishing such a policy that also specifically addresses the storage, retention, and destruction of ESI is crucial. Indeed, ESI presents unique challenges because of its volume and the difficulty in accessing and retrieving it.
From a legal-compliance standpoint, there are myriad laws that mandate the types of documents that must be retained, the ways in which they must be stored, and the length of time they must be kept. For example, wage-and-hour laws require businesses to maintain certain payroll records containing information such as the employee’s name, address, Social Security number, and job title and the hours worked and amount paid to that employee for each pay period. In an increasingly digital workplace, this type of payroll information may only be stored electronically.
Accessing and retrieving that information, and otherwise ensuring its preservation, is critical to demonstrate compliance should a company face a federal or state governmental audit. Furthermore, privacy laws require that businesses reasonably and adequately safeguard confidential or private information whether it is stored in paper or electronic form. Thus, a formalized written policy should account for these as well as a variety of other issues and detail the ways in which the company intends to comply.
From a litigation-defense standpoint, companies have a legal obligation to preserve all relevant documents if litigation arises or if litigation is threatened. In other words, once a lawsuit is filed or anticipated, companies cannot lose or inadvertently destroy documents that are germane to litigation. Therefore, not having a document retention and destruction policy that specifically addresses ESI when faced with litigation or the possibility of litigation can have devastating consequences.
For example, if a former employee’s attorney requests relevant ESI that cannot be accessed or retrieved, or was otherwise deleted, a court may determine that there was a failure to preserve such relevant information and impose severe penalties and sanctions against the company.
To minimize the risk of inadvertent deletion of ESI, a company’s document retention-and-destruction policy should contain two essential provisions: a litigation-hold provision and a departing-employee provision. A litigation-hold procedure ensures that the requisite steps are taken to preserve relevant documents. A carefully crafted litigation-hold section will identify the triggers for a hold on documents, the steps to be taken once a hold has been initiated, the types of records and data that must be preserved, and the forms in which such records and data must be preserved, the consequences for failure to preserve such data, and the name of the person at the company who can be contacted with questions or for technical assistance.
Procedures regarding the length of the retention of a departing employee’s ESI should also be included in a document retention-and-destruction policy, even when litigation is not anticipated. Too often, an unexpected lawsuit ensues, and it is discovered too late that a former employee had created ESI pertinent to the company’s defense. Indeed, oftentimes, within days after the employee’s departure, IT has reset the former employee’s computer so that another employee can use it. Thus, creating a policy that includes a set time period for the deletion of a departing employee’s ESI when litigation is not anticipated is very important.
Having a set time period can otherwise be beneficial, especially for those companies that tend to retain anything and everything. Consider, for example, a snarky e-mail that has been kept too long and now surfaces in litigation that otherwise was not expected or anticipated. If the company had a document retention-and-destruction policy that included a specific time period for deletion, such an e-mail would have been long since gone.
A carefully crafted document retention-and-destruction policy can otherwise be advantageous to companies insofar as it helps to reduce costs, eliminates the retention of redundant or unnecessary documents, maximizes computer-server storage space; and provides organized and streamlined systems for maintaining and managing documents.
Keeping paper documents organized and maintained is relatively easy; however, as noted throughout, the same is not true for ESI. Preserving ESI is very complicated and requires extraordinary coordination between upper management, human resources, legal counsel, and IT.
To minimize your company’s legal risks, you should act now by creating a formalized document retention-and-destruction policy that incorporates standards for safeguarding and disposing of ESI.
At implementation, you should train your staff to ensure they understand the policy and their relation to it. After implementation, you should periodically audit your company’s overall compliance with the policy.
Amy B. Royal, Esq. specializes exclusively in management-side labor and employment law at Royal LLP, a woman-owned, SOMWBA-certified, boutique, management-side labor and employment law firm; (413) 586-2288; [email protected]