Document Retention - How Long is Too Long?
darthtuttle asks: "With the recent news of document destruction at Enron and the emails that have been discovered in high profile cases such as MS -vs- DOJ, document retention seems to be a hot item right now. What document retention policies do people have at their companies, and what steps do companies take to make sure that documents are destroyed according to the policy when their time is up so they don't come back to haunt the company later? Note: the purpose of a document retention policy is not to keep documents, but to make sure they get destroyed according to policy before someone outside the company decides to use it against you. The big issues seem to be backups and documents stored on people's desktops/laptops. You don't want those email server backup tapes from 2 years ago to be found, and you don't want to find out that the CFO was saving -every- email they ever got on their laptop."
Many companies discourage archiving seemingly trivial things such as e-mail, which can bite in the butt later (Microsoft apparently didn't have such a policy during their recent litigation).
The sad part is that Microsoft technology makes archiving all too easy (Outlook/Exchange personal folder files, for instance). Even basic Internet POP/IMAP stuff is too easy.
One word: encrypt.
Vos teneo officium eram periculosus ut vos recipero is.
If companies have nothing to cover and nothing to hide, why should they be concerned about their deletion to begin with? Then again, I am sure paper memos are not kept forever, and if they can avoid lawsuits legally by deleting documents I would probably do the same in their position, as to not assist my prosecutors.
"I have not failed. I've simply found 10,000 ways that won't work." --Thomas Edison
Personally, I think that corps shouldn't be allowed to destroy documents for at least 3-5 years -- all they're doing is covering their sins. Enron's a good example; they're destroying the evidence that they knew they were perpetrating a fraud against their investors. Destruction of the documents could mean that, as usual, the little guys get screwed and assholes like Ken Lay walk due to lack of evidence.
Pretty disgusting.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
While this might not work for everyone, I NEVER delete an e-mail and I log all of my instant messages. My policy regarding destruction of data? If it can be used against you, don't write it. Document retention (and destruction) policies are cover-ups at best. Remember when those guys went driving around shooting people with paintballs and videotaped it? Rather than having them agree to erase the tape after X days, why make it in the first place. I don't destroy digital records of my life. Why not? I sure as hell wouldn't be stupid enough to record anything I'm ashamed of doing.
t'nera semordnilap
The problem is hard on many levels. For example, many small companies have the, "we have nothing to hide" attitude, because they're not able to think in terms of large business dealings where years of internal email could be dragged out into court and used out of context.
Once you convince a company that document "retention" is valuable, many managers will immediately declare themselves exempt because they feel that they will one day need that email from a vendor thanking them for buying the Widget 10,000 last week.
What I think the industry really needs is some kind of software that manages information archives in a way that lets people specifically call out information that needs to be preserved as annotation. In this way, you could keep all of the headers of all of the mail and all of the filenames of all of the documents on a fileserver, but only keep the annotations (which may include some key points from an original).
I know that I would find this more useful than the usual way that people annotate documents (named folders).
It all seems backward to me. Destroying documents to get rid of any evidence of accountability.. What's up with that?
Certainly, there's a lot of stuff that isn't bad, but it can be viewed as bad in the context of history.. Lawrence Lessig got in trouble when he was appointed as Special Master in the Microsoft case because of an e-mail he wrote regarding the ease of installation (or lack thereof) of Netscape versus Internet Explorer, and the trouble installing the software caused..
It was just a silly e-mail to a friend, but it got blown out of proportion.
On the other hand, there have been instances in the past of very important and incriminating documents being kept by employees who felt that twinge of conscience and decided they shouldn't go in the shredder.
Document retention policies, in my opinion, should be based around keeping `important' documents (however that is defined), and shredding the lesser ones, in order to save space. No need to keep the e-mail regarding today's lunch outing, but it's a good idea to keep that list of patients...
The U.S Army uses a system called MARKS (Modern Army Recordkeeping System) which includes destruction procedures. Every record within the MARKS system is supposed to have a disposition which indicates when it is to be destroyed. The system is designed so that there is no ambiguity about when to destroy the file (e.g., "destroy 1 year after expiration"). Any half-awake clerk can follow the instructions.
Usually the person creating the document knows its proper scope, and can specify the disposition. Then anyone who receives the file just follows the instructions.
Necessary for any similar system for private companies would be
1) publish guidelines/SOPs/regulations for dispositions
2) make sure document authors specify destruction dispositions on all documents
3) publish SOPs for regularly purging documents
4) auditing to make sure that destruction dispositions are followed
The best way would be to have some automation in there -- document creation tools modified to automatically insert this information, automated purging, automated auditing. Otherwise you're just adding a lot of workload to people who probably don't give a flying f--- about document destruction.
Robotiq.com is heavily tested on animals
Not at all. The problem is most obvious with email, so I'll use that as an example.
Let's say that your company has done nothing wrong, but the SEC thinks that you might have been leaking information to financial institutions, in order to affect your stock price.
That's a pretty serious charge, but if you're innocent you have nothing to worry about, right? Well, it turns out that you have an employee that sent a seemingly innocent comment to his friend at such a company, but now, in light of the charges, it could be seen as an indication that such activity did exist and widen the investigation. This costs you in terms of legal expenses, time, credibility, etc.
Having old documents taken out of context can be truly damning, and it's just not worth the expense. Much better to destroy what could be used against you later.
I should imagine that internal auditors would be more effective at keeping a company out of trouble
I am guessing you have never worked as an internal auditor or known someone who worked as an internal auditor. They don't typically review accounting policies. They are more procedure oriented.
Even if the internal auditors did know about this problem, they would have just reported to the board of directors who most likely would have filed the report in the cabinet with the sharp cutting teeth.
Something I've wondered about, along these lines, is scanning documents (bills, etc.) into a computer as they're received. From that point, the paper copy could be thrown away if the electronic copy was sufficiently 'official'. It seems like the electronic documents would also be a lot easier to organize, sort, and retain. Possible legal issues have kept me from doing so.
-Mike
Maybe I have nothing to hide. But I encrypt my documents because I don't care that my personal business is seen by others.
There are issues which were "legitimate" at the time, but later came back to haunt them. GE and the PCBs in the upper Hudson is one. Corning and silicon breast implants are another. Asbestos. Lead based paints. Did these companies wish they hadn't destroyed all those documents from scientists saying their products/actions were safe? Or did they end up destroying the "bad" evidence for plausible deniability?
Businesses destroy documents for lots of reasons. I think it's mostly so CEOs can take a stand and have "plausible deniability" to protect their asses. Luckily, there are always backups somewhere that will come back to haunt them.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
I work for an insurance company (where unforeseen legal issues have a risk of biting us), so I'll go AC for this post:
We maintain a standard GF-F-S backup rotation, with archives going back as much as 7 years, but with loss of granularity at various intervals. This covers all our servers (except e-mail). Claims documents are imaged and preserved forever - and policy records are also preserved forever (though not all imaged).
E-mail is handled differently - we maintain a single backup tape that is overwritten twice monthly and discarded annually. We're mainly concerned with disaster recovery on the e-mail system, since anything that we distribute via e-mail generally originates as a document on the servers.
User hard drives are not backed up at all. If a machine gets toasted, we simply replace the PC. Anything critical is stored on the network.
Mainframe backups are another story entirely, and I don't know how that's handled - we have an outsourcer and it's managed by a different area of the company. We keep policy data and financial/billing data there. Historical data is on a Wintel-based SQL system and handled as part of the PC backup.
We do a full database backup at the end of the year, as well - those (and the Claims data) go off-site to an archival storage house, and daily backups are rotated out to a nearby building.
There's a reason why you need to have these policies, even if your company is doing nothing wrong. Let's say your company is sued somewhere down the line, and the court or the lawyers issue a subpoena for all information relating to Company B, which you've had a long-standing relationship with. You need to hand over ALL YOUR DATA. Do you know where all the e-mails you ever sent to the company over the past ten years are? Are there old backup tapes in the closet that you can't read because you don't have the equipment? Well, that's too bad, because if you don't hand over ALL THE DATA, it could look like you're hiding something, and get you (and the company) in hot water. Besides, let's say you're the SysAdmin that has to recover ten years' worth of back E-mails and find all the ones that are relevant, knowing your job may be on the line if you mess up. Not fun, huh?
So, you decide to get rid of data that's really old and no longer relevant. But how do you determine that? How would it look if you got rid of all your old data on an arbitrary date, only to get the subpoena the next day? You wouldn't look much better.
What these policies do is set up "Any documents of any type that are older than xxx days get destroyed", regardless of their source. This is looked at much more kindly by the authorities, because it is a policy that is set up in advance, with no prior knowledge of any pending actions. And when you only turn over xxx days of documents, your lawyers can say "We've had this policy in effect for the past y years", and it doesn't look as suspicious.
My problem is that, as an engineer, I'm supposed to keep documents past the retention limit (perfect example: patent applications and design information that take years to process.) However, our fscking Notes server is set up to delete ALL e-mails after xxx days, no matter what the source! And I found out the hard way that filing E-mails in folders on the server doesn't do squat, because those are cleaned out too! I have to manually lengthen the retention deadline on EVERY SINGLE DOCUMENT I need to have saved. (Or, save it off of the Notes servers. Not that I've ever done that...) ;)
Yeah, it's a PITA, but it's the price we pay for living in America, land of the Subpoena and home of the Class-Action Lawsuits!
from an engineering meeting held in a very old us company that made machine tools where the installation of operator guards was discussed on some type of press they agreed to do it and someone mentioned that if the guards were removed later serious injury could result to the operator.
fast forward to 1985, the press made back in 1937 is still in use at some rundown plant staffed with illegal mexicans, it has not had any decent maintenance in decades and of course all the operator guards were removed to speed up production several owners ago.
some guy puts his hands in the danger zone and the press gets him.
the original company that made the press 48 years ago gets bagged on the grounds that they knew it was a dangerous machine that's why they mounted operator guards on it... the fact that persons unknown decades later removed those guards and no one trained the illegals on safe operation of this old rundown press was beside the point...
being an old family run company, they had records dating back to the founding apparently they never threw anything away and minutes from a 1937 meeting ended up costing them a couple of millions of $.
if the law or regulatory agency does not explicitly require you keep the stuff, shred it as soon as you can, wipe the backup tapes as soon as possible and keep only the stuff you have to, the shortest time permitted.
reimage the corp laptops every 6 months to prevent packrat ceo's from keeping every email and their kids who use it at home to surf p0rn sites when dad isn't watching...
"...can you imagine a BEOWULF CLUSTER of these? That'd be some serious power!"
...and anyway, even if every single document being passed around your company is completely kosher and totally legal and can in no way be manipulated against your company in court, that doesn't mean that it *can't* be manipulated against your company in the marketplace, by other companies, many of which may be evil.
I quite often have to refer back to projects that were closed out a few years ago. E.g., a few months ago I had a customer saying something like, problems have popped up with this latching SMT relay, costing around $100K in replacement boards and service calls -- why did I ever pick it? I go back to look things up and find a pretty clear trail of checking every SMT relay on the market -- this was the only latching relay available in 1998 that actually withstands SMT process temperatures, although just barely -- the circuit didn't seem entirely trustworthy, so why don't we go to this alternate circuit, that also costs less? -- and the customer turned that change down...
In other words, given the customer's determination to implement a circuit designed in the early 1960's in surface-mount parts, that was the best part available, and probably still is. It wasn't good enough, but they wouldn't let me re-design to avoid it, and I've got their e-mails to prove it. We cranked out my more reliable design based around a 74HC 74 IC real fast, and they ate the cost.
Without e-mails, I barely remembered this particular case out of several others, and the actual decision makers at both companies were gone...
I've been performing a little experiment along these lines. We're primarily a Windows/Outlook shop, but instead of forwarding attachments, I've set up an Apache webserver on my W2K pc. I put the documents there and I just send a link to the document instead of the document itself. I did this to do my part in saving bandwidth so that only those who really want the document will bother to get it.
BUT, I've gotten a little bonus out of it... many of the PCs here are named based on the last name of the primary user of that PC. What I end up with in the server logs is a nice record of who looked at the document. It's been extremely interesting to see how and when some messages get forwarded to others.
And yes... once a document is out, there's no way to get it back. The problem is that if you need to make a change or an addendum to the document, you can send it to the people you originally sent it to, but there's no guarantee that they will pass on that information to the people that THEY forwarded your document to.
Please, try not to be a complete fucking idiot. Everybody else already has a clue.
Any sufficiently well-organized community is indistinguishable from Government.
The Enron documents that were shredded are likely the early drafts of the audit report. While it is quite likely that there will be electronic copies of the destroyed documents, what the investigators would probably most like to get their hands on would be draft copies with handwritten annotations. It is unlikely in the extreme that anyone wrote a document that was incriminating on its own, but quite likely that incriminating marginalia existed.
BTW in addition to their involvement in the Sunbeam and Waste Management debacles Andersen were until recently blacklisted by the UK government who held them responsible for their losses in the DeLorean fiasco.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/