Transcript doeLegal
eDiscovery and Records Management Corporate Records Management Historically- Paper was the “Corporate memory”- a visible, physical entity. Original documents insured authenticity. Records Management policies were manageable. Records Management- Digital Perspective Records management is no longer visible. Digital information accounts for greater than 90% of all records. The logical location of these stored electronic records is controlled by computers. And, although, it may appear to be less costly to store digital information, it is important to develop meaningful retention policies. Corporate Records Management ARMA AIIM Surveys -2009 Survey -of 17,000 Businesses, Government agencies, non-profits and associations. •While 83% of organizations reported formal records management programs 24% still reported them as ineffective. 25% of the record management programs did not address electronic records 34% did not have a formal plan for discovery requests for records including litigation hold orders. 13% still did not include electronic records in their litigation hold procedures. 47% did not have a formal email retention policy. • • • Corporate Records Management ARMA AIIM Surveys -2009 Survey Survey results have actually improved and show some significant action taking place. But they also reflect a continued weakness in the processes and systems for handling electronic records. Principle driver: The magnitude of litigation and the demand for regulatory compliance has brought the need to address records management to many companies. Corporate Records Management Objectives of a Sound Record Management program • Preservation • Compliance with Regulations & Statutes. • Mitigate Legal Risk. • Reduce Litigation and Discovery Costs. • Enhance Knowledge Management and Increase Productivity. Records Management- Preservation • Anticipation of a Claim is all that’s required to trigger the duty to preserve potentially relevant evidence. • Effective email preservation (or destruction) is difficult. • Other issues that must be addressed: Hardware/software changes. Employee turnover. Work on home computers. Reminders to organization. Suspension of defragmentation, alteration, wiping etc. Responsive vs. Reactive preservation. Records Management- Legal Holds Litigation Hold Coordination- a litigation hold directs the organization or identified parties to segregate and protect from destruction certain documents and data that are, or arguably may be, relevant to a threatened or pending litigation. Counsel must be sufficiently knowledgeable of their companies or clients electronic systems to identify any potential source of relevant electronic data. Eight Steps to Defensible Legal Holds 1. 2. 3. 4. 5. 6. 7. 8. Identify when the preservation obligation began. Determine what ESI should be preserved. Designate a Technical Authority. Issue timely legal hold notices. Confirm compliance with legal hold notices. Document compliance with the legal hold process. Actively monitor compliance with legal holds Release the legal hold once the matter is concluded. Corporate Compliance Legal Issues Sarbanes-Oxley Act (SOX) Health Insurance Portability & Accountability Act (HIPAA) Foreign Corrupt Practices Act Government Bailouts Gramm-Leach Bliley Act Fair and Accurate Credit Transactions Act of 2003 (FACTA) Compliance with organizational policies, industry standards, local, & National <Insert Slide retention Title Here> Government laws and regulations dictate evolving periods for all types of Data including Emails. Sarbanes-Oxley Act (SOX) HIPAA SEC 17 CFR Part 210 Florida Sunshine Law NASD 2860/3010/3110 FDA Electronic Communications and Transactions Act National Labor Relations Act Employee Retirement Security Act of 1974 Americans with Disabilities Act Over 6,000 OSHA Medicare Conditions of Participation Title VII of the Civil Rights Act of 1964 State & Federal Compliancy Laws & Regulations! Corporate Compliance Legal Issues Accounting/reporting fraud Anti-boycott Antitrust Conflicts of interest Consumer protection Discrimination/EEO Document retention E-Mail/Internet Use Environmental protection Export Control Foreign Corrupt Practices Act Fraud prevention Intellectual Property Money Laundering Insider Trading Protection of Confidential Information Political contributions Lobbying Government contracting Product Quality Workplace Safety Gifts & Entertaining Privacy Harassment Executive Pay Corporate Compliance Challenges Capturing, maintaining, retrieving and protecting information in a consistent manner. Creating a governance and approval process. Unstructured data v. structured data – E.g. audio and video files. Corporate Compliance- Technology Review Legal should be involved with the corporation’s technology selection(s) to insure that it satisfies compliance requirements and will handle any necessary complexity. Additionally, they need to insure that standards and procedures are properly communicated to the organization. Costs Understand the cost of preservation vs automatic destruction policies. Make sure that you establish methods to reinforce your policies and test their effectiveness. Anticipate litigation. Knowledge Management From a legal perspective maintain your records so they can be updated and be useful for future needs or litigation. Some of the questions you must answer for your client or company Has relevant data been properly preserved? What is the time, difficulty, costs to recover and retrieve relevant data? What business disruption will occur? How can relevant data be identified and irrelevant or privileged data be sorted out? How can this data be preserved to be used for potential future requests or other matters? Changing Perspectives on Record Management Ignorance no longer a valid defense. e-Mail retention policies are difficult or impossible to put in place. Sarbanes-Oxley requires compliance, yet is vague in many areas. Cost shifting strategies and burdensome arguments have a very low success rate. Best Practices Proactively prepare for future litigation. Map critical electronic data, systems and backup media. Align Legal, IT and the Business. Disaster recovery strategies must no longer be the only purpose of record retention. Create evidence management/ preservation programs and publish, publish, publish Example Create the Retention schedule/ guidelines and publish to a employee handbook Create a list of every department and division within the corporation and then within that department each major category of documents Create a complete numbering system; i.e LEG-0110-020; representing the Legal Department, the Litigation division, and expense records For LEG-0110-020 define the details for that record type electronic and paper life…i.e; online for 3 years, after that destroy, any events that could have an impact, etc. Create a records retention manager and hotline for monitoring and answering immediate questions.