Slashdot Mirror

← Back to Stories (view on slashdot.org)

Document Retention - How Long is Too Long?

Posted by Cliff on from the c-y-a dept.

darthtuttle asks: "With the recent news of document destruction at Enron and the emails that have been discovered in high profile cases such as MS -vs- DOJ document retention seems to be a hot item right now. What document retention policies do people have at their companies, and what steps do companies take to make sure that documents are destroyed according to the policy when their time is up so they don't come back to haunt the company later? Note: the purpose of a document retention policy is not to keep documents, but to make sure they get destroyed according to policy before someone outside the company decides to use it against you. The big issues seems to be backups and documents stored on peoples desktop/laptops. You don't want those email server backup tapes from 2 years ago to be found, and you don't want to find out that the CFO was saving -every- email they ever got on their laptop."

5 of 405 comments (clear)

  1. What you all are missing. by RazzleFrog · · Score: 5, Insightful

    A lot of people have posted that as long as you are legit then you shouldn't have to worry but that is just naive. The truth is that a well trained lawyer can take any document and manipulate the information to fit their needs. Add to that information taken out of context can be given uneducated scrutiny by the press and the general public resulting in a disaster.

    To me, the best policy is whatever your legal requirements are and that's it. Destroy everything else.

  2. Re:Got something to cover? by ajs · · Score: 5, Interesting

    Not at all. The problem is most obvious with email, so I'll use that as an example.

    Let's say that your company has done nothing wrong, but the SEC thinks that you might have been leaking information to financial institutions, in order to affect your stock price.

    That's a pretty serious charge, but if you're innocent you have nothing to worry about, right? Well, it turns out that you have an employee that sent a seemingly innocent comment to his friend at such a company, but now, in light of the charges, it could be seen as an indication that such activity did exist and widen the investigation. This costs you in terms of legal expenses, time, credibility, etc.

    Having old documents taken out of context can be truly damning, and it's just not worth the expense. Much better to destroy what could be used against you later.

  3. Double-edged sword by Ldir · · Score: 5, Insightful
    This has also been a hot issue where I work. Our legal department recently mandated a draconian policy of automatically deleting ALL e-mail after nine months. We are not allowed to file any electronic correspondance unless we print it out and save the paper.

    This may be a good policy when you have something to hide. In the IT world, in my experience (and the experience of most of my peers it seems), old e-mail has helped way more often than it hurts us. If you use e-mail to document conversations, meetings, etc., a lot of disputes get resolved pretty quickly when you pull out an old e-mail and say, "See, here's what you said." or "See, here's what we said we would do."

    This doesn't happen if we have to print "important" e-mails. Why? Two reasons. First, you usually don't know a year or two in advance which e-mails are going to be important some day. We may generate a thousand messages plus over the course of a project. Most of them are routine, or are only of passing interest. Every once in a while, however, there will be a design decision (or more likely a design compromise) that one party has conveniently forgotten.

    Conversely, if someone can show us that we did, in fact, agree to do something, then we will commit to doing it. Our memories are cloudy too, and we do believe in delivering what we said we would.

    The second reason paper filing doesn't work for most of us is that it's extra work. Want to file an e-mail - drag it to a folder. Done. Need to file a paper document - remember to print it, interrupt whatever you're doing to leave your desk, find the right folder (if there's room in the cabinet), file it. If you're on the road, remember to go back later, once you're back in the office, and follow the steps above. This works OK if you're an executive with a secretary dedicated to such tasks. Around here, at least, that perk has become too expensive for all except the most senior management. And, even though paper filing doesn't take much effort for a single document, it is a lot of work for hundreds of e-mails, it requires filing space that is in short supply, and it requires a degree of discipline that most people don't seem to have. Finally, even if you have a good paper filing system, it's much easier to search electronic files quickly.

    This is exactly why electronic files are so dangerous in litigation - if you can search them quickly, so can your adversary. By prohibiting them, however, you reduce productivity across the entire company and increase costs. I'm not convinced that the legal eagles balanced the immediate cost benefits against the possible future risk. They only consider the dark side.

    On a related note, I know I just read an article (here?) about how electronic documents have a life of their own thanks to widespread forwarding. Your retention policies may be almost meaningless if your correspondants keep everything.

  4. Re:Technological demands by watanabe · · Score: 5, Insightful

    "I can't imagine the tech demands of constant archiving of everything. I'd need to give half of my budget to EMC just to try to stay ahead."

    This is partly because you don't use standards compliant systems. I have all my non-junk e-mail going back to 1994 saved, from a variety of HP, Solaris, Irix and Linux machines across maybe nine e-mails. It's all in instantly recognizable mbox format. If you are going to go with Netware, Win2k, etc. Then of course you are going to have these problems! The companies that make those systems make their profits selling new versions of software.

    Maybe it would save your company money to choose a system which does not build in 2 year obsolescence into its business plan.

  5. Real World Reasoning by virg_mattes · · Score: 5, Insightful

    For a large company, a document retention and destruction policy is a necessity, specifically for legal reasons, but not for the reasons you're assuming. Every large company develops huge masses of information, and most of them back up that data to protect against short term loss. However, most companies don't want to keep it forever, so they destroy the old stuff to reduce storage needs, cut down on administrative costs associated with maintaining the records and protect against industrial espionage. The problem lies when the company comes under examination for a lawsuit. If there's a well described and religiously followed document retention policy in place, the court has no reasonable expectation that the company will still have documents that the policy marked for destruction. If on the other hand there is no real policy (or it's badly enforced) this opens up an avenue for liability wherein the corporate controllers say "we don't have documents X or Y because they were destroyed" and the judge then assumes they did it to hide something (and punishes accordingly) or assumes they're lying (and punishes accordingly). Also, when the prosecution or plaintiff asks for certain documents, the policy can limit the scope of the request so that your IT team isn't spending untold hours digging up archived stuff to turn over in satisfaction of a subpoena.

    You should be careful not to fall into the logical trap that document destruction is only useful if you have something to hide. In this very litigious society, it's rarely that simple.

    Virg