Document Retention - How Long is Too Long?
darthtuttle asks: "With
the recent news of document destruction at Enron and the emails that have
been discovered in high-profile cases such as MS -vs- DOJ, document
retention seems to be a hot item right now. What document retention policies
do people have at their companies, and what steps do companies take to
make sure that documents are destroyed according to the policy when their
time is up so they don't come back to haunt the company later? Note: the
purpose of a document retention policy is not to keep documents, but to
make sure they get destroyed according to policy before someone outside
the company decides to use them against you. The big issues seem to be
backups and documents stored on people's desktops/laptops. You don't
want those email server backup tapes from 2 years ago to be found, and
you don't want to find out that the CFO was saving -every- email they
ever got on their laptop."
Encrypting doesn't necessarily help. Sure, it prevents the court from reading your documents, but it doesn't prevent the court from putting your ass in jail for contempt of court after they subpoena your key/passphrase/whatever from you.
And if you destroy your key as the feds are coming through the door, that's just like shredding documents -- They'll put you in jail for destroying evidence.
(And yes, well encrypted data is indistinguishable from random data, but it's not going to be too hard for a state's attorney to argue that the huge pile of random data on your HDs is encrypted data, not your /dev/urandom souvenir collection).
Not at all. The problem is most obvious with email, so I'll use that as an example.
Let's say that your company has done nothing wrong, but the SEC thinks that you might have been leaking information to financial institutions, in order to affect your stock price.
That's a pretty serious charge, but if you're innocent you have nothing to worry about, right? Well, it turns out that you have an employee that sent a seemingly innocent comment to his friend at such a company, but now, in light of the charges, it could be seen as an indication that such activity did exist and widen the investigation. This costs you in terms of legal expenses, time, credibility, etc.
Having old documents taken out of context can be truly damning, and it's just not worth the expense. Much better to destroy what could be used against you later.