Though concerns around information management often go unrealized until the discovery process, the maintenance of data libraries warrants more attention than reaction to a legal hold. With a proliferating tangle of regulation requiring certain types of information to be held for different lengths of time and compliance obligations differing drastically from nation to nation, it’s imperative that legal departments have the appropriate resources devoted to the legally compliant retention and destruction of data.
Laurie Fischer, managing director, Huron Legal, has a deep understanding of the evaluation and implementation of information management strategies for law firms and legal departments. Fischer says that, “Information management should start all the way to the left of the Electronic Discovery Reference Model. If we could reduce that amount of information, legally and operationally, our e-discovery costs as well as our storage costs go down significantly.”
Currently there are over 20,000 regulations that somehow impact record keeping and legally compliant and operationally sound record retention schedules. Narrowing that scope and understanding what a company is liable for, contingent on its business model and its industry, is an essential start to the reduction of that cost.
Fischer says “Historically, legal counsel was typically conservative with record retention schedules; in fact, many aired on the side of loosening the time period to increase retention, sometime significantly, even if your obligation was only to keep an item for five or 10 years.”
However, with a drastic increase in the volume of information that can be held, it’s increasingly expensive to store information for indefinite periods of time; it’s also risky from a litigation standpoint.
“Attorneys today are telling their record managers ‘let’s define what our legal and operational requirements are and let’s keep to that. Let’s not over retain since it’s so dangerous from an e-discovery angle.’” Fischer says. While there are certainly operational standards that will increase the length of time a piece of information needs to be retained, those are on a case-by-case and industry-by-industry basis.
While care must be given to keep maintain records in a legally compliant manner in the United States, the obligations for an international company multiply considerably. Privacy and collection standards in the European Union, for example, require analysis of existing privacy laws, and often a different procedure for retention plans.
“Are there media handling requirements, are there transmission requirements, are there privacy requirements? Privacy requirements often times stipulate you can’t keep something longer than stated, or that it must be destroyed within a certain time,” Fischer says.
When addressing those challenges, getting the advice of the right people is generally essential in determining an overall retention strategy and plan.
“We’ve just completed globalizing a schedule for a company that does business in over 60 countries. In a few of those countries we found conflicts between privacy requirements and in record retention requirements. In those instances we requested to meet with locally based counsel as well as in house counsel, to talk about the risks. What are the challenges? What position should the organization take? When we’ve got this type of conflict its essential to address those issues sooner than later,” Fischer says.
In the next part of this series we’ll discuss the three key areas that determine successful information management and retention planning.
For more on this topic check out these stories: