10 guidelines for setting retention policies

As if you aren’t busy enough, you now play the role of protector of electronically stored information.

With new regulations and the recent changes to the Federal Rules of Civil Procedure, legal departments are turning to IT leadership to manage the retention, deletion, search and recovery of electronic information. For IT management in large companies, this means tracking billions of e-mail messages, database records and desktop files as they move across tens of thousands of servers and desktop computers.

In many organizations, figuring out what to keep is as difficult as managing the data itself. To help, here are 10 guidelines for the retention and deletion of electronically stored information:

Start by looking in the mirror: When it comes to the retention of electronic information, businesses have a tremendous amount of latitude. While the new Federal Rules of Civil Procedure make it advantageous to have a policy, they don’t govern how long data needs to be held. So, if you are worried about e-mail and other information, delete it quickly. If you think it is valuable to your business, keep it for as long as it is useful.

Click to see: Diagram of whether your data is stored correctly

Don’t let users determine what you keep: If you are letting users decide which messages and documents are kept, you don’t have a retention policy. Good retention policies automate the preservation of electronic information and then mandate the destruction of documents in accordance with stated policies.

Understand the cost of litigation: According to the international law firm Fulbright and Jaworski, the average billion-dollar U.S. company is currently facing more than 500 discrete lawsuits. Electronic discovery for a single lawsuit can cost hundreds of thousands or even millions of dollars. If mistakes are made, litigation can be lost on process grounds, regardless of the merits of the case.

Take advantage of safe harbor provisions: New court rules allow organizations with standard retention policies to delete information unrelated to the case with impunity. If you don’t have a formal retention policy, the deletion of any information may be held against your organization in court.

Remember the regulations: There are thousands of city, state and federal rules which require retention of electronic records – from Occupational Safety and Health Administration (OSHA) to the Sarbanes-Oxley Act to the Fair Labor Standards Act. While a 60-day e-mail retention policy may be the right strategy for litigation, you’ll need to make sure your policy includes exceptions where regulations require longer retention rules.

Prepare now for electronic discovery: When litigation strikes, electronic discovery soon follows. Companies often have only a few weeks to scour billions of messages and files for relevant data. If you are not prepared for e-discovery, the costs of manual search and recovery can be staggering.

Start where the lawyers start — e-mail: While all types of electronic records are subject to retention and discovery — database records, files on servers and personal computers, electronic communications, CAD files — not all are equal targets when litigation starts. When it comes to managing electronic information, companies should be smart and start where the lawyers start: with e-mail. As one lawyer said, “e-mail is where the juicy stuff is.” Only e-mail includes important documents sent as attachments with unguarded narrative context provided by employees. Lawyers know how to find the good e-mail messages for a case, so it’s usually where they look first.