|
Portfolio 86-1st: Records Retention for Enterprise Knowledge Management
I. Introduction
II. Reasons for Records Retention
. Introductory Material
A. Enterprise Functionality
B. Regulatory and Financial Requirements for Records Retention
C. Litigation
III. How and When to Implement Litigation Holds
. Introductory Material
A. Reasonably Anticipating Litigation: When the Enterprise Should Implement a Litigation Hold
B. Implementing the Litigation Hold
1. Determining what to preserve
2. Documenting decisions is critical to later determining reasonableness
3. Communication
4. Enforcement and compliance
5. Ongoing review and analysis of the litigation hold
C. Addressing the Problem of Overlapping and Cascading Litigation Holds
D. The Importance of Removing the Litigation Hold
IV. Sanctions for Spoliation
and Other E-Discovery Misconduct
A. Introduction
B. Monetary Sanctions
C. Evidentiary and Testimonial Limitations
D. Adverse Inference Instructions
E. Default Judgments
V. The Necessity of a Formal Records Retention Plan
. Introductory Material
A. Ad Hoc Employee Document Retention
B. Adding Value to the Enterprise
1. Operating benefits
a. Efficiency in collecting and maintaining enterprise information
b. Consistency
c. Availability of information
d. Accuracy of information
2. Collateral benefits
C. The Need for Periodic, Supervised Destruction of Documents
VI. How to Establish and Implement a Records Retention Plan in the Electronic Age
A. Audit of the Company
1. Assemble a team and set a schedule
2. Build a road map for the audit
3. Inventory technology and in-practice records retention procedures
a. IT personnel and practices
b. Records
c. Actual practices vs. written policies
4. Evaluate and prepare a report
B. Setting Records Policy—Determining What to Keep and Why
1. The potential need for department-specific policies
2. Business needs
3. Federal legal and regulatory requirements
a. Labor and employment laws
b. Health care records
4. Impact of various state and local laws and regulations
5. Litigation requirements
6. Companies doing business in multiple countries
a. General questions
b. Jurisdiction-specific considerations
c. EU directive on personal data protection
C. Creating a Records Retention Plan That Is Ready for E-Discovery
1. The cost of mismanagement of e-data
2. The new Federal Rules of Civil Procedure
3. Implementing a retention plan that takes advantage of the new rules
a. Reasonably accessible and not reasonably accessible data
b. Litigation holds and the routine destruction of records
c. E-discovery—search, retrieval, and privilege
reviews
d. Legacy data, backup tapes, and other storage media
e. Distinctions between personal and business records
4. The benefits of the new rules
D. Security and Privacy Considerations Relating to Records Retention Plans
1. The Gramm-Leach-Bliley Financial Institutions Improvements Act of 1999
2. Federal Trade Commission ‘safeguards rule'
3. Health Care and Insurance Portability and Accountability Act of 1996
4. Sarbanes-Oxley Act of 2002
5. Federal Trade Commission regulation of unfair and deceptive practice
6. State privacy laws requiring security breach notification
7. Ensuring that the records retention plan addresses security and privacy considerations
E. Documenting the Audit and the Records Retention Plan and Its Enforcement
1. Compliance with rules and case law regarding preservation and discovery of ESI
2. Compliance with Sarbanes-Oxley
a. Section 302
b. Section 404
c. Sections 802 and 1102
d. Section 409
3. Compliance with litigation holds and related admissibility issues
F. Implementing the Plan
1. Evaluation and adoption of technological solutions
2. Communication to IT, records management, and key players
3. Training
4. Ensuring compliance
5. Periodically auditing and reevaluating
VII. Conclusion
| 
