Records Management is an Integral Part of a Corporate Integrity Program

 
Bryan Cave is internationally recognized for our extensive experience in the laws of records management and other corporate integrity programs.  Our approach in corporate integrity engagements is to perform not only as lawyers, but also as consultants.  Unlike those of consultants who are not lawyers, our deliverables come to the client as an opinion of counsel that all applicable legal requirements, such as mandatory retention obligations, have been adequately addressed.
 
Of equal importance, we provide the client with the maximum records disposition opportunities consistent with applicable law. The recent amendments to the Federal Rules of Civil Procedure now mandate new forms of electronic discovery that can fast become sweepingly intrusive and expensive – often costing the litigant more than the underlying claim itself.  One author refers to eDiscovery as an “autopsy without benefit of death.”  Bryan Cave’s proprietary “legacy data remediation” procedures can significantly reduce unnecessary costs and risks of eDiscovery.  We believe  senior executives not only have the right, but also a fiduciary duty, to carry out the process of legacy data remediation.

Legacy Data Remediation

Business records, like any other corporate assets, have a lifecycle.  A company would not hold on to a laptop computer or server that has outlived its lifecycle.  A record that is at the end of its useful life, and that stops providing a return on investment, must be disposed of.

Do we really need to keep every email that an employee ever sent or received? Do we really need to save every backup tape we have ever created?  Some of those emails and tapes are many years old.  The answer to both questions is a clear “NO.”

In addition to having no business or legal value to the company, some obsolete data may also be unfairly prejudicial.  For instance, an off-hand unauthorized statement by an employee could nonetheless be used against the company in litigation to ascribe to it a position or conclusion that it never embraced.  Absent what we call a “Triggering Event” giving rise to a “Legal Hold Directive”, business organizations have both the right and responsibility to dispose of obsolete records, provided all disposition is carried out consistently, in good faith and in a content-neutral manner.  The goal of consistency is furthered by scrupulously adhering to the organization’s records retention schedule, which represents its predetermined judgment of each record’s lifecycle.  We call this process “legacy data remediation” or “LDR”.

Basic Records Management Engagement

The basic deliverables of our practice are a Records Management (RM) Policy, Initial “Legalistic” Implementation Procedures and a Records Retention Schedule.  We believe these are the minimum components of a viable RM Program.

Policy

The Policy is always specifically tailored to a  client’s particular needs, characteristics and geographical reach.  It will preserve as much as possible of the client’s language, style and current ways of doing business, so that implementation will result in the least possible disruption of business.  The Policy usually consists of approximately 10 pages of “plain English” designed to touch all the applicable legal bases, while at the same time remaining  easy to understand by every record maker in the client’s organization. 

Implementation Procedures

The Implementation Procedures give real life to the Policy.  The Procedures enable all record makers to comply fully with applicable legal requirements, while at the same time permitting the client to avail itself of legacy data remediation opportunities and achieve best practices for the organization, so that important data can be retrieved quickly and easily when needed for business and legal purposes.

The “legalistic” Implementation Procedures are part of the basic engagement. They are intended primarily for use by the client’s inside and outside general counsel.  The following  is a partial list of legalistic procedures:

  • Recognizing  triggering events and when to issue legal holds
    • Identify records, locations and timeframe covered
    • Which employees to receive
  • Executing a legal hold in the case of electronic records
  • Legal hold templates
  • Legal hold follow-up questionnaire and interview templates
  • Periodic reissuance of legal hold directive
  • Business and legal case for LDR
  • Carrying out the first round of LDR – the “low-hanging fruit”
  • Simplified and cost-effective process for obtaining opinions of outside RM counsel as to lawfulness of disposition of particular groups of obsolete records
  • New “user mindset” procedures
  • New and uncomplicated electronic data filing and organizing procedures, such as for email

Retention Schedule

The Retention Schedule lists approximately 80 - 100 categories of records, and assigns a retention period for each.  These periods are based on mandatory retention laws applicable to the particular client, statutory limitations and business (that is, nonlegal) considerations.  As a result of our comprehensive RM knowledge and experience, as well as global capabilities, we never have to “reinvent the wheel,” because we are already experienced  with all major records retention and handling requirements not only in the United States, but internationally as well.   Our databases are kept up to date and complete.

More Comprehensive Records Management Engagement

We encourage our clients to pick and choose the  specific guidance they need, and to phase the work over time.  For instance, clients who are already well along in the process, or wish to use other inside or outside resources, may not need us to perform all – or even any - of the “preliminary work.”

Preliminary Work

  • Landscape Assessment
    • “What is the client’s current records management system, if any?”
  • Preparation of Client’s Current Data Map
    • “Where are the client’s records located at present; what are the current filing and categorizing taxonomies, if any; and how do the client’s current data storage locations (servers, etc.) interact with one another and with the outside world?”
  • Gap Analysis
    • “Does the client’s current RM system fall short of legal requirements and best practices and, if so, in what particular ways?”
  • Preparation of Client’s New Data Map
    • Within budgetary limits, how could the client’s RM system be remapped to comply with legal requirements, achieve RM best practices and facilitate LDR?”

Additional “Legalistic” Procedures

  • Assisting client with roll-out of new program documents
    • Supporting the client’s in house legal and IT personnel to obtain senior management and governing board acceptance.
  • Training all record makers in the new rules
    • Integrated with the Policy, Schedule and Procedures
    • Will demonstrate client’s due diligence in training all employees; very useful in court to mitigate vicarious liability, if ever necessary 
  • Informed assent
    • After web-based training and on-line testing, each record maker asked to sign an “informed assent” to the new program
    • Development of risk assessment, ongoing monitoring and enforcement procedures
  • Development of new handling, security and storage protocols (including fulfillment of legal requirements related to privacy)
  • Ongoing legacy data remediation
    • Supportive opinions of outside RM counsel
  • Preparation for eDiscovery - identification and protection of privileged information

Assistance in Preparation of Management and IT Implementation Procedures

  • Procedures to Guide in the Selection of RM Software
  • Special Procedures Applicable to Electronic Data
    • Use of IMs and SMS
    • Email legend
    • Ingress and egress data
    • Data backup tapes
    • Voicemail
  • Servercentric Systems
    • Local user policies and registry push-down
    • Data and systems security
  • Data Conversion, Metadata
    • Forensic metadata
    • Metadata useful to the client in its business
    • Static versus native format
    • How to reduce storage footprint of electronic data
  • Data Organization Procedures
    • Retrospective
    • Automated Processes (Sorting, culling, de-duping, etc.)
  • Prospective
    • User mindset
    • User intervention
    • Automated Processes

Full Array of Corporate Integrity Programs

Records Management is but one of the full array of corporate integrity programs.  We advise clients in all of the following  areas:

  • Antitrust
  • Bribery and Kickbacks (including supplier and customer relations)
  • Competitive Intelligence (“dumpster diving” and economic espionage, etc.)
  • Conflicts of Interest
  • Corporate Opportunities
  • Email, Internet and Computers (including personal use of company property)
  • Employee Political Activities (including contributions and lobbying)
  • Gifts and Entertainment
  • Financial Integrity (including quality of public disclosures and accurate books and records; Sarbanes Oxley and ’34 Act 10b-5)
  • Insider Trading
  • Intellectual Property (including ownership and protection of inventions, marks, logos and ideas; also including IP on electronic media)
  • International Trade and Commerce ((including antiboycott, trade and economic sanctions, export/import and ethical currency transactions (money laundering))
  • Marketing Integrity (including truth-in-advertising)
  • Product Liability
  • Records Management (including privacy issues and laws such as GLBA, HIPAA, COPPA, FCRA/FACTA and ECPA, as well as international data privacy rules such as Canada’s PIPEDA and the EU Privacy Directive)