Few things are as important and as challenging for a growing business as having a handle on the lawful and strategic creation, maintenance, and destruction of records. For starters, it goes without saying that having full command of your business’s information has great competitive value. Information is power.
Managing your information allows your business to comply with legal requirements, properly defend itself in legal disputes and, of course, use your information to maximum competitive advantage.
Achieving optimal information control is perhaps harder than ever. It has always been difficult because there are few black and white answers when it comes to records. Of course, there are certain legal requirements that employers must follow, but that is really just the beginning of the inquiry.
The task has become increasingly difficult because of the increasing volume and dispersion of the enterprise’s information. Because of technology, we just create more information than we used to, and more of the information that we create is preserved. What used to be thousands of conversations are now preserved as e-mails, texts, social media posts, and the like. This information also resides in many places as we do more and more business away from the “mainframe” or other centralized repository of information.
Achieving information control that is right for your company involves many decisions specific to your culture. However, there are certain questions that every company should ask itself as part of a process to get a handle on its records.
Who is the business’s point person?
An individual should have primary ownership of the records process. Records management is a team effort to be sure, and the larger the company, the truer that becomes. However, as with most important aspects of your business, somebody should be in charge of overseeing the records process.
Who needs to be part of the discussion?
Having said that, there are many people who are important to the records management discussion. Failure to involve the right people may doom the plan to failure. Certainly there is a legal aspect to the discussion– both to ensure compliance with applicable requirements, and to consider the possible strategic value of retaining records longer than is technically required.
Of course the records plan must be technologically achievable under the company’s technology resources, so the IT function must be at the table. Last but not least, obviously the appropriate business and operations people need to be part of the process to speak to their informational needs. It is simply impossible to create a sustainable records plan without all of these viewpoints represented in the creation of that plan.
What does the law require?
There are various legal requirements for document retention. Some will be generally applicable to businesses– at least those meeting a threshold size under applicable laws– and some may be industry-specific. Obviously it is important as a starting point that your business comply with these laws. However, do not simply obtain a list of requirements and consider that your records plan.
These requirements are floors, not ceilings, and take into account neither legal nor business strategic considerations that may counsel longer retention periods than what is minimally required. For example, normally you will want to keep records at least until the end of the statute of limitations period for claims that might involve those records. Usually, though, the law will not require you to do so.
What if we have a legal dispute?
It is critical to understand that, in the event of a legal dispute, the court or other decisional body will expect your business to have critical records relating to the dispute. This has always been true to a degree– spoliation of evidence can be a criminal offense. However, it is much more common in recent years that a key email or other electronic document has been destroyed.
Few things are more important in the realm of records management than ensuring that documents that may be relevant to a legal dispute not be destroyed once you have reasonable notice of the dispute. This is called a “litigation hold” and should be implemented at some point agreed to with your legal counsel, not when a case or other proceeding is filed, but when you are reasonably on notice that a dispute could ensue.
How will we handle mobile devices?
As noted above, the records game has completely changed because of the amount of business that is done on devices other than on the computer at a fixed desk at the company’s facility. If your company does significant business on iPhones and other remote devices, courts are going to expect you to have access to that information in the event of a legal dispute. And of course you can use to your strategic advantage only that information to which you have access. This in itself is a complex issue. Will employees be able to use devices that they own? How will you have access to that information?
Do we have the collective will to follow the plan that we agree to?
Finally, note that a plan not followed can, in some respects, be worse than no plan at all. The failure to follow a written plan in the event of litigation can be very damaging to the company in litigation. It looks like you are hiding something if a document that should have been retained under policy has been destroyed, even though most likely it was just out of inadvertence.
All the more reason not to just pull a plan off of the Internet and make it yours. As with all these questions, there is no substitute for the right people sitting down and making the decisions that are right for your business.