Thursday, October 19, 2006

Kelly Friedman: Electronic Retention Policy

Kelly, a partner at Ogilvy, discussed about "How to develop and implement an Electronic Document Retention Policy (DRP) that works for your company".

Here are the most interesting questions and answers given:

Why not retain everything:-storage
-retrieval
-context
-security
-litigation risks
-costs
-costs
-costs!!!

Goals of DRP:
Captures business valuable information
Organize records
Protects records form alteration/disposition
Allows for LEGAL disposition of useless information
Allows its interruption for litigation hold purposes
Provides cost-effective access to relevant records

Standards (see my presentation)

Retention periods:
Legislation/regulation
Limitations Act
Industry practices
Risk tolerance

E-mail retention: Striking the Balance
Preserve valuable e-mails/Purge e-mails
Integrate in DRP
Archive to a single location until considered for inclusion in the R/DMS
Categorize e-mails using criteria that verify their value and retention period

I think the archiving solution refer to the use of the inbox or (not a good idea) a .pst that would later be reviewed to include in the DMS or purge. Someone asked if there is a information manager who is going to go through all those e-mails
I think it is a personal obligation and, as answered by Kelly, it is all about teaching people and having understandable policies (DRP, DMP, etc.)

As for the categorizing, I am still working on having the process automatised as much as possible by having the system analyse the content of the e-mail to save it to the right matter with the important metadata and offer the possibility to the custodian to either accept, modify or reject the saving.

Litigation hold:
Integral part of and override DRP
Duty to preserve - when knowledge of pending or imminent investigation/litigation
Halt routine that may destroy or taint potentially relevant data
Think about hard drives and PDAs

I would add to that last one, assistants and home offices, memory sticks, iPods, web 2.0 applications blogs, rss, forums, etc.), you get the point: everything!!

Internal litigation hold memo
- to whom
- content
- explain need for evidence preservation
- tell them where to look for (examples)
- ask for other key players
- Visit IT department (remove backup tapes to legal)
I would say this is an excellent idea for a small business or a business that is rarelly being sued. Otherwise, with edd evolving (and multiplying), legal department will become backups archiving farms...
- Visit key players (custodians and assistants)
- ONCE IS NOT ENOUGH
- Monitor compliance

Training Top Ten:
Annual training with senior management participation
Emphasize its mandatory nature
Give examples to illustrate dangers of e-mails (Diebold, Microsoft, Morgan Stanley, etc.), IM, etc.
- Demonstrate appropriate vs inappropriate
Adress ownership and privacy issues
Explain individual roles in retention and deletion (I would stress this one and link it to sanctions)
Consistently apply discipline for non-compliance
Distribute hard copies of policy

People who know me, know I won't do that. However, I know, unfortunately, we still have to and must do it in a corporation.

Audits
No retention is ever complete (!!!)
Review to ensure:
- relevancy
- meets industry standards
- new legislation
- authenticity
- integrity
Sample audits

Conclusion:
3 Es of record management
- Establish policy
- Educate employees
- Enforce policy
4 Cs of E-discovery
- Coordination
- Communication
- Compliance
- Costs
Improve
- Limit the creation of e-data
- Audit and improve DRP and litigation hold strategy

Very interesting presentation. It was the third time I was hearing her and I enjoyed it as much as the previous time. She also prepared an interesting ppt on bad uses of e-mails that has been distributed at Bell: a must see!!

No comments: