Corporate Practice Series Portfolio No. 86-1st, Records Retention for Enterprise Knowledge Management, explains how and why businesses should create, review, and/or update their records retention plans to ensure proper records management and to comply with regulatory requirements in today’s world of electronic data.

Portfolio 86-1st: Records Retention for Enterprise Knowledge Management

I. Introduction

II. Reasons for Records Retention
    . Introductory Material
    A. Enterprise Functionality
    B. Regulatory and Financial Requirements for Records Retention
    C. Litigation

III. How and When to Implement Litigation Holds
    . Introductory Material
    A. Reasonably Anticipating Litigation: When the Enterprise Should Implement a Litigation Hold
    B. Implementing the Litigation Hold
        1. Determining what to preserve
        2. Documenting decisions is critical to later determining reasonableness
        3. Communication
        4. Enforcement and compliance
        5. Ongoing review and analysis of the litigation hold
    C. Addressing the Problem of Overlapping and Cascading Litigation Holds     
    D. The Importance of Removing the Litigation Hold

IV. Sanctions for Spoliation and Other E-Discovery Misconduct
    A. Introduction
    B. Monetary Sanctions
    C. Evidentiary and Testimonial Limitations
    D. Adverse Inference Instructions
    E. Default Judgments

V. The Necessity of a Formal Records Retention Plan
    . Introductory Material
    A. Ad Hoc Employee Document Retention
    B. Adding Value to the Enterprise
        1. Operating benefits
              a. Efficiency in collecting and maintaining enterprise information
              b. Consistency
              c. Availability of information
              d. Accuracy of information
         2. Collateral benefits
    C. The Need for Periodic, Supervised Destruction of Documents

VI. How to Establish and Implement a Records Retention Plan in the Electronic Age
    A. Audit of the Company
         1. Assemble a team and set a schedule
         2. Build a road map for the audit
         3. Inventory technology and in-practice records retention procedures
              a. IT personnel and practices
              b. Records
              c. Actual practices vs. written policies
         4. Evaluate and prepare a report
    B. Setting Records Policy—Determining What to Keep and Why
         1. The potential need for department-specific policies
         2. Business needs
         3. Federal legal and regulatory requirements
              a. Labor and employment laws
              b. Health care records
         4. Impact of various state and local laws and regulations
         5. Litigation requirements
         6. Companies doing business in multiple countries
              a. General questions
              b. Jurisdiction-specific considerations
              c. EU directive on personal data protection
    C. Creating a Records Retention Plan That Is Ready for E-Discovery
         1. The cost of mismanagement of e-data
         2. The new Federal Rules of Civil Procedure
         3. Implementing a retention plan that takes advantage of the new rules
              a. Reasonably accessible and not reasonably accessible data
              b. Litigation holds and the routine destruction of records
              c. E-discovery—search, retrieval, and privilege reviews
              d. Legacy data, backup tapes, and other storage media
              e. Distinctions between personal and business records
         4. The benefits of the new rules
    D. Security and Privacy Considerations Relating to Records Retention Plans
         1. The Gramm-Leach-Bliley Financial Institutions Improvements Act of 1999
         2. Federal Trade Commission ‘safeguards rule'
         3. Health Care and Insurance Portability and Accountability Act of 1996
         4. Sarbanes-Oxley Act of 2002
         5. Federal Trade Commission regulation of unfair and deceptive practice
         6. State privacy laws requiring security breach notification
         7. Ensuring that the records retention plan addresses security and privacy considerations
    E. Documenting the Audit and the Records Retention Plan and Its Enforcement
         1. Compliance with rules and case law regarding preservation and discovery of ESI
         2. Compliance with Sarbanes-Oxley
              a. Section 302
              b. Section 404
              c. Sections 802 and 1102
              d. Section 409
         3. Compliance with litigation holds and related admissibility issues
    F. Implementing the Plan
         1. Evaluation and adoption of technological solutions
         2. Communication to IT, records management, and key players
         3. Training
         4. Ensuring compliance
         5. Periodically auditing and reevaluating

VII. Conclusion       

Portfolio 86-1st: Records Retention for Enterprise Knowledge Management

Wks. 1 Sample Records Retention Plan

Wks. 2 Employee Acknowledgment and Information Form

Wks. 3 Records Retention Plans — Checklist of Key Elements*

Wks. 4 E-mail Retention: Readiness Survey*

Wks. 5 Records Audit and Interview Outline

Wks. 6 Retention Period for Specific Records

Wks. 7 Certain Legal and Regulatory Requirements Concerning Records Retention

Wks. 8 State Laws Requiring Security Breach Notification

Wks. 9 Sample Preservation Letter to Client

Wks. 10 Sample Preservation Letter to Opposing Counsel or Non-Represented Party

Wks. 11 Federal Rules of Civil Procedure Chapter V Depositions and Discovery Rules 26 through 37

Wks. 12 Medtronic Sofamor Danek, Inc. v. Michelson

Wks. 13 Zubulake v. UBS Warburg LLC

Wks. 14 Coleman (Parent) Holdings, Inc. v. Morgan Stanley & Co., Inc.f     

Robert E. Braun
Jeffer, Mangels, Butler & Marmaro LLP
Los Angeles & San Francisco, California

Stanley M. Gibson
Jeffer, Mangels, Butler & Marmaro LLP
Los Angeles & San Francisco, California

Michael A. Gold
Jeffer, Mangels, Butler & Marmaro LLP
Los Angeles & San Francisco, California

Dan P. Sedor
Jeffer, Mangels, Butler & Marmaro LLP
Los Angeles & San Francisco, California