1 / 24

Electronic Records Retention: A Pragmatic View

Electronic Records Retention: A Pragmatic View.  Or  “Ya’ Gotta Know When to Hold ‘em, and Know When to Fold ‘em ”. ©2008 – Learn Consulting. Disclaimer. Learn Consulting Does Not Provide Legal Advice . If you are in Need of Legal Advice, Consult a Competent Attorney.

tracy
Télécharger la présentation

Electronic Records Retention: A Pragmatic View

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Records Retention:A Pragmatic View  Or  “Ya’ Gotta Know When to Hold ‘em, and Know When to Fold ‘em” ©2008 – Learn Consulting

  2. Disclaimer Learn Consulting Does Not Provide Legal Advice. If you are in Need of Legal Advice, Consult a Competent Attorney. © 2008 – Learn Consulting

  3. Goals of an ERR Policy • Meet Business Objectives and Requirements • Assure Statutory, Regulatory, and Judicial Compliance • Maintain Cost Effective Business Practices © 2008 – Learn Consulting

  4. Discovery BlackMail! • Avoid a Situation Where It Becomes Cheaper to Settle Litigation than to Comply with Requirements of Discovery! © 2008 – Learn Consulting

  5. Known When to Hold 'Em • Last May, Wall Street was stunned when a jury ordered white-shoe firm Morgan Stanley to pay financier Ron Perelman $1.58 billion for the bank's role in a botched deal. Almost as stunning as the award: the high-profile case turned on Morgan Stanley's failure to turn over requested electronic documents. (Source: CFO Magazine) © 2008 – Learn Consulting

  6. Known When to Hold 'Em • The average U.S. corporation is currently contending with 37 lawsuits — and, increasingly, litigants are demanding to see defendants' digital documents. (Source: CFO Magazine) © 2008 – Learn Consulting

  7. Known When to Hold 'Em • Only 57 percent of U.S. businesses have records-retention policies. • Many businesses craft retention policies that cover memos, Word files, and the like, but not E-mail, instant messages, or other "unstructured" data. • The convergence of mobile phones with computers will cause even more problems. (Source: CFO Magazine © 2008 – Learn Consulting

  8. You Don’t Have to Manage What You Never Created! • If There Isn’t a Reasonable Business Need to Create an ER, Don’t Create It! © 2008 – Learn Consulting

  9. You Don’t Have to Manage What You Never Created! • Implement and Enforce Appropriate E-Mail, IM, Text Message, etc., Policies and Procedures that Discourage the Creation of Superfluous ERs that are Potentially Dangerous, Costly to Manage and Store, and Totally Unnecessary! © 2008 – Learn Consulting

  10. You Don’t Have to Manage What You Never Created! • Discourage, Control and/or Prohibit Personal Use of Corporate Electronic Messaging Technologies! • Manage and Control Use of Outside E-Mail Accounts by Employees. • Axiom: E-Mail Lives Forever!! • It is Very Difficult, If Not Impossible, to Determine Where the E-Mail May Have been Forwarded and/or Stored! © 2008 – Learn Consulting

  11. Disaster Recovery • ERR Must Be Credibly Included in Disaster Recovery Strategies, Plans, Processes and Policy. • A Judge May Be Less Than Understanding About a Hard Drive Crash or Virus Attack! © 2008 – Learn Consulting

  12. What About Encryption? • Make Sure Your Policy Addresses the Ability to Recover Archived Records That Are Encrypted!! © 2008 – Learn Consulting

  13. What About Encryption? • Make Sure You Have the Keys to Encrypted Records!! • Maintain an Encryption Policy! © 2008 – Learn Consulting

  14. Business Imperatives • Process and consistency will be key when retaining electronic records. • In order for the enterprise to verify the authenticity and origin of an electronic record, it must have in place a system to capture and catalog identifying metadata. • Enterprises will need to factor into any electronic records retention policy any outsourcing agreements in which they participate. (Source: RFG Research) © 2008 – Learn Consulting

  15. Bottom Line IT executives should ensure that their e-records retention policy is comprehensive, well documented, and covers issues such as outsourced arrangements and non-business system use. IT executives should investigate the effect of various business arrangements and procedures in light of their formulation of this policy. Furthermore IT executives should validate that the procedures established as a result of the policy effectively address all the tenets of the policy. This will help to ensure that the enterprise is not left exposed in times of investigation or litigation, should such a scenario arise. (Source: RFG Research) © 2008 – Learn Consulting

  16. Honest, Your Honor! • The Courts currently appear to allow significant discretion when it comes to ERR, Provided the Policy is: • Reasonable • Consistent, and • Rigorously Enforced © 2008 – Learn Consulting

  17. Reasonable • Policy Is Written, Widely Promulgated, and Reflects Adequate Training of Affected Personnel • Meets Statutory, Regulatory and Judicial Requirements (including Provisions for Placing Legal Holds on Documents) © 2008 – Learn Consulting

  18. Reasonable • Promotes Reasonable and Understandable Business Objectives and Requirements • Is Inclusive and Encompassing © 2008 – Learn Consulting

  19. Consistent • Codified at the Highest Level of the Organization • No Exceptions (or Exceptions are Rigorously Handled within a Documented Process within the Policy) © 2008 – Learn Consulting

  20. Consistent • Enduring; e.g., Not Implemented or Changed as the Result of (or in Temporal Proximity to) Anticipated or Actual Litigation • Specific and Organization-Wide © 2008 – Learn Consulting

  21. Rigorously Enforced • Ultimate Responsibility and Authority for Implementation and Enforcement Is Vested in a Specific Individual (i.e., Not a Position, Organizational Unit, etc.) • There is a Clear Record of Compliance Over an Extended Period of Time © 2008 – Learn Consulting

  22. Assure You Can Read Archived Data • Much of NASA’s Early Space Exploration Data Is Irrecoverable. • Must Also Archive Software Used To Recover Data. (Source: Ohio Historical Society) © 2008 – Learn Consulting

  23. “Know When to Fold ‘em” • Kill Expired Records!! • …and Kill them Again! • Make Certain They Are Dead!! • Wounded Records Will Come Back to Haunt You!! © 2008 – Learn Consulting

  24. Questions/Discussion?? © 2008 – Learn Consulting

More Related