Where’s the shredder?


Published on

Overview of the exposures related to electronic discovery and the need for a document retention/destruction policy. Offers guidelines for writing a document retention/destruction policy. Presented to a group of association finance and administration executives.

Published in: Business, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Where’s the shredder?

  1. 1. Where’s the Shredder? A Risk Management Approach to Document Retention and Electronic Discovery February 27, 2008 Eileen Morgan Johnson Whiteford Taylor & Preston, LLP Leslie T. White, CPCU, CIC, ARM, CRM Croydon Consulting, LLC
  2. 2. Records Management Risk Management
  3. 3. Risk Management <ul><li>Innovation requires risk taking. Taking risks requires informed, fact-based decision making. </li></ul><ul><li>Discipline for dealing with the possibility that some future event may cause harm. </li></ul><ul><li>Dealing with uncertainty . . . </li></ul>
  4. 4. Risk Management Cycle Identify risks Evaluate & prioritize risks Select risk management techniques Implement techniques Monitor & improve the program
  5. 5. What are the risks? <ul><li>Documents and records can be: </li></ul><ul><li>The smoking gun proving fraud, employment discrimination, sexual harassment, restraint of trade, conflict of interest, etc. </li></ul><ul><li>The evidence that disproves fraud, employment discrimination, sexual harassment, restraint of trade, conflict of interest, etc. </li></ul>
  6. 6. What are the risks? <ul><li>Criminal charges of obstruction of justice </li></ul><ul><li>Adverse judgment due to inability to produce discoverable documents and records </li></ul><ul><ul><li>(Residential Funding Corp v. DeGeorge Corp. 306 F.3d 99 - $96.4 million) </li></ul></ul><ul><ul><li>Morgan Stanley $1.45 billion – acted in “bad faith” in failing to turn over relevant emails (Overturned on appeal) </li></ul></ul><ul><li>Costs to produce requested documents (staff time and computer forensics) </li></ul><ul><li>Storage costs for necessary & unnecessary documents </li></ul>
  7. 7. History – Arthur Andersen <ul><li>June 2002 criminal conviction for destroying Enron documents </li></ul><ul><ul><li>October 2001, Arthur Andersen’s in-house legal counsel sent memorandum to partner in charge of the Enron audit team - </li></ul></ul><ul><ul><li>“ It might be useful to consider reminding the engagement team of our documentation and retention policy. It will be helpful to make sure we have complied with the policy. Let me know if you have any questions.” </li></ul></ul><ul><ul><li>Knowing the SEC had begun investigating Enron the partner ordered destruction of Enron related documents on October 21, 2001 </li></ul></ul><ul><ul><li>Destruction continued until day after Arthur Andersen received a subpoena requesting it to produce those and other documents </li></ul></ul><ul><ul><li>May 2005 U. S. Supreme Court overturned the 2002 criminal conviction due to improper jury instructions </li></ul></ul>
  8. 8. Arthur Andersen – Part 2 <ul><li>Conviction overturned in 2005 since jury instructions did not require: </li></ul><ul><ul><li>“ consciousness of wrongdoing” - Knowingly corruptly persuading others to destroy documents </li></ul></ul><ul><ul><li>“ any nexus between the ‘persua[sion] to destroy documents and any particular proceeding” </li></ul></ul>
  9. 9. Sarbanes-Oxley Act of 2002 <ul><li>Title VIII – Corporate and Criminal Fraud Accountability Sec. 802 Criminal Penalties for Altering Documents – Amends Chapter 73 of title 18 United States Code </li></ul><ul><li>§ 1519. Destruction, alteration, or falsification of records in Federal investigations and bankruptcy </li></ul><ul><li>Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any department or agency of the United States or any case filed under title 11 [bankruptcy cases], or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both . </li></ul>
  10. 10. Sarbanes-Oxley Act of 2002 <ul><li>Title XI – Corporate Fraud Accountability </li></ul><ul><li>Sec. 1102. Tampering with a Record or Otherwise Impending an Official Proceeding </li></ul><ul><li>Amends Section 1512 of title 18, United States Code – inserting: </li></ul><ul><li>(c) Whoever corruptly – </li></ul><ul><li>(1) alters, destroys, mutilates, or conceals a record, document, or other object, or attempts to do so, with the intent to impair the object’s integrity or availability for use in an official proceeding; or </li></ul><ul><li>(2) otherwise obstructs, influences, or impedes any official proceeding, or attempts to do so, </li></ul><ul><li>Shall be fined under this title or imprisoned not more than 20 years, or both. </li></ul>
  11. 11. Sarbanes-Oxley Act of 2002 <ul><li>One interpretation </li></ul><ul><ul><li>Prosecutors will not have to establish a nexus between the document destruction and an obstruction of justice </li></ul></ul><ul><ul><li>Document destruction itself will be sufficient when there is a known investigation </li></ul></ul>Bricker & Eckler LLP www.bricker.com/publications/articles/681.asp
  12. 12. New Risk – Electronic Discovery <ul><li>December 2006 revisions to Federal Rules of Civil Procedure (FRCP) </li></ul><ul><ul><li>Rules govern conduct of all civil actions brought in Federal district courts </li></ul></ul><ul><ul><li>Many states have similar laws </li></ul></ul><ul><ul><ul><li>Maryland – Proposed amendments published 9/26/2007 – still pending </li></ul></ul></ul><ul><ul><ul><li>Virginia – Seeking public comment or proposed rules; 3/15/2008 deadline </li></ul></ul></ul><ul><ul><ul><li>DC – DC Superior Court follows FRCP; Advisory Committee working on local court rules </li></ul></ul></ul>
  13. 13. Federal Rules of Civil Procedure <ul><li>December 1, 2006 Revisions </li></ul><ul><ul><li>Clarifies definition of electronic discovery (e-discovery) </li></ul></ul><ul><ul><li>Modifies discovery procedures to address electronically stored information (“ESI”) </li></ul></ul><ul><ul><li>Imposes express obligations to preserve, disclose and produce ESI. </li></ul></ul><ul><ul><li>When organization has reason to believe that a claim or lawsuit might occur, must take steps to preserve all relevant data </li></ul></ul>
  14. 14. E-Discovery Risks <ul><li>Spoliation – Destruction or alteration of evidence, or failure to preserve property for another’s use as evidence in pending or foreseeable litigation. </li></ul><ul><li>Possible Penalties </li></ul><ul><ul><li>Monetary sanctions (civil penalties, costs & attorneys’ fees associated with discovery) </li></ul></ul><ul><ul><li>Preclusion sanctions – precluding the offer or other use of certain evidence </li></ul></ul><ul><ul><li>Adverse inferences – directing jury to assume missing ESI is adverse </li></ul></ul><ul><ul><li>“ Rummaging” – Giving discovering party hands-on access to adversary’s computer system </li></ul></ul>Court sanctions for e-discovery failures a growing trend
  15. 15. Electronically Stored Information <ul><li>Emails </li></ul><ul><li>Internet browser information (favorites, cookies, downloads) </li></ul><ul><li>Instant messaging/chat records </li></ul><ul><li>E-Faxes </li></ul><ul><li>Electronic calendars </li></ul><ul><li>Voicemail </li></ul><ul><li>Text messages </li></ul><ul><li>Blogs </li></ul><ul><li>Chat room, bulletin, listserve postings </li></ul><ul><li>PDAs </li></ul><ul><li>Cell phones </li></ul><ul><li>Metadata </li></ul><ul><li>Deleted documents </li></ul>
  16. 16. Where Stored? <ul><li>Hard drive </li></ul><ul><li>Floppies </li></ul><ul><li>Digital media (CDs/DVDs) </li></ul><ul><li>Backup tapes (on and off-site) </li></ul><ul><li>Flash memory drives </li></ul><ul><li>Network servers </li></ul><ul><li>Remote storage (hot sites, online backups, etc.) </li></ul><ul><li>PDAs/Blackberries </li></ul><ul><li>Home computers </li></ul><ul><li>Laptops </li></ul><ul><li>Cell phones </li></ul>
  17. 17. Destroying Electronic Files <ul><li>Virtually impossible to completely destroy electronic information </li></ul><ul><li>Hard drive shredding & melt down </li></ul><ul><li>Degaussing (removes magnetic alignment) </li></ul><ul><ul><li>With shredding & degaussing need to purchase new hard drives </li></ul></ul><ul><li>Scrubbing – Deletes data and overwrites with random data (need to overwrite 7 times) </li></ul><ul><ul><li>Can be detected so make sure no litigation or record hold </li></ul></ul>
  18. 18. Record Retention & Destruction Policy <ul><li>Purpose statement for policy </li></ul><ul><li>Identify if policy for entire organization or specific departments, units </li></ul><ul><li>Personnel responsible for overseeing policy </li></ul><ul><li>Personnel responsible for destruction </li></ul><ul><li>Procedures to implement policy </li></ul><ul><li>Procedures to review and modify policy </li></ul>
  19. 19. Records Management Policy: Record Retention & Document Destruction <ul><li>Evaluate how you handle records & documents </li></ul><ul><li>Define obligations of employees for records management </li></ul><ul><li>Record retention schedule </li></ul>
  20. 20. Records Management Policy Development <ul><li>Identify where and how information is created, stored, archived and destroyed (electronic & paper) </li></ul><ul><li>Identify categories of documents </li></ul><ul><li>Identify fixed period of time to retain each category </li></ul><ul><li>Establish record retention schedule </li></ul><ul><li>Establish process for suspending document destruction </li></ul><ul><li>Implement </li></ul><ul><li>Monitor </li></ul>
  21. 21. Categories of Records <ul><li>Define categories of records (examples) </li></ul><ul><ul><li>Employee benefit records </li></ul></ul><ul><ul><li>Employee seniority & merit systems </li></ul></ul><ul><ul><li>Notices of job openings, promotions, training programs or overtime opportunities </li></ul></ul><ul><ul><li>Job applications & resumes </li></ul></ul><ul><ul><li>INS forms </li></ul></ul><ul><ul><li>Personnel records </li></ul></ul><ul><ul><li>Membership records </li></ul></ul><ul><ul><li>Accounting & tax records </li></ul></ul><ul><ul><li>Legal documents </li></ul></ul><ul><ul><li>Board-related documents </li></ul></ul><ul><ul><li>E-mails, instant messages, voice mail </li></ul></ul>
  22. 22. Retention Periods <ul><li>Fixed period of time for each category </li></ul><ul><ul><li>Legal requirements – Federal, state, local laws </li></ul></ul><ul><ul><li>Industry requirements/best practices </li></ul></ul><ul><ul><li>Organizational needs – how long derives continued business or historical value </li></ul></ul>
  23. 23. Implementation <ul><li>Employee education & training </li></ul><ul><ul><li>How to comply </li></ul></ul><ul><ul><li>Categories of information & retention schedule </li></ul></ul><ul><ul><li>Inform about policy revisions </li></ul></ul><ul><ul><li>Periodic refresher training </li></ul></ul><ul><li>Keep accurate indexes of all hard copy records (on-site and off-site) </li></ul><ul><li>Create indexes of electronic information </li></ul><ul><li>Establish automated record retention & destruction procedures for electronic records </li></ul>
  24. 24. Destruction Suspension Process <ul><li>Process to stop document destruction program (record hold) </li></ul><ul><li>Litigation response team </li></ul><ul><li>Cease destruction at first notice of suit or reasonable anticipations of suit or investigation </li></ul><ul><li>Establish mechanism to preserve all possible evidence </li></ul><ul><li>Notify users not to delete/destroy records </li></ul><ul><li>Avoid deleting or alerting metadata </li></ul>
  25. 25. Monitor Policy <ul><li>Assign responsibility for policy enforcement </li></ul><ul><li>Review retention documentation (indexes and logs) </li></ul><ul><li>Monitor compliance of destruction process </li></ul><ul><li>Periodic review and revision of retention schedule </li></ul><ul><li>Process to amend policy </li></ul>
  26. 26. Additional Resources <ul><li>The Sedona Conference </li></ul><ul><ul><li>http://www.thesedonaconference.org/wgs </li></ul></ul><ul><li>Creating a Strong Foundation for your Company’s Records Management http://www.klgates.com/files/upload/eDAT_ACC_Docket_Article.pdf </li></ul><ul><li>Discovery Resources by Fios </li></ul><ul><li>http://www.discoveryresources.org/ </li></ul><ul><li>K&L|Gates (Kirkpatrick & Lockhart Preston Gates Ellis LLP) </li></ul><ul><ul><li>http://www.ediscoverylaw.com/articles/news-updates/ </li></ul></ul>
  27. 27. Association Resources <ul><li>ARMA International (Association of Records Managers and Administrators) </li></ul><ul><ul><li>http://www.arma.org/ </li></ul></ul><ul><li>Institute of Certified Records Managers </li></ul><ul><ul><li>http://www.icrm.org/ </li></ul></ul><ul><li>Aiim: The ECM Association (Association for Information and Image Management) ECM – Enterprise Content Management </li></ul><ul><ul><li>http://www.aiim.org/ </li></ul></ul><ul><li>National Association for Information Destruction </li></ul><ul><ul><li>http://www.naidonline.org/ </li></ul></ul>
  28. 28. Presenters Eileen Morgan Johnson Whiteford Taylor & Preston, LLP 3190 Fairview Park, Suite 300 Falls Church, VA 22042 703-280-9271 [email_address] www.wtplaw.com Leslie T. White, CPCU, CIC, ARM, CRM Croydon Consulting, LLC P O Box 1414 Severna Park, MD 21146 410.544.0913 [email_address] www.croydonconsult.com