Hear the word "record" and you may be instantly transported back to the days before your Bob Dylan and The Who LPs became collectors' items. But for accountants, lawyers and a relatively new breed of data storage professionals called records managers, "record" means data, electronic or otherwise, as defined by federal and state laws.
Good electronic record-keeping, or data retention, requires planning and budgeting for data migration and conversion as well as complying with laws and regulations on how to retain business records. Keeping data over the long run can be costly if it isn't properly maintained and managed--especially if your records become the subject of litigation.
Is it Data or is it Evidence?
The rule of thumb is to have a data-retention policy that requires your organization to save data records as dictated by federal and state laws (see "Wait--Don't Trash That Record"). Consulting an accountant, an attorney or a records manager can help you determine which business records you're required to keep. Check with ARMA International (www.arma.org) and the Information Requirements Clearinghouse (www.irch.com)--see "Sites To See" at right for more information on these organizations. Of course, with so much of today's enterprise data created and edited on computers and delivered via e-mail, the original copy and all draft versions of memos, letters and other business documents, including budgets and contracts, can live for years on your company's computers, servers and backup media. That's great for disaster recovery purposes, but it can prove troublesome if, during pretrial discovery in a civil suit, a plaintiff uncovers documents that support its claim. And if you find you're not required to save non-business-related records--employees' personal e-mail, for instance--don't. You'll save on storage costs and overhead, and you'll limit the potential liability of a "smoking gun."
No matter which side of a lawsuit you're on, it's important to suspend e-mail autodelete functions and stop recycling backup tapes at the outset. If you accidentally destroy documents you're required to present, you could be accused of evidence tampering or obstructing justice; at the very least you might cause the judge or jury to perceive that you have something to hide. You might also destroy documents that would refute your opponent's claims.
Discovery procedures require you to analyze and determine the volume of e-mail and other electronic data relevant to a case. Deleted files can often be found in unallocated disk space, so forensics experts can recover them even if they have been overwritten. You can extract information from PCs and servers using a bit-level imaging technology to find deleted files.
Either side in a case can request that the other produce electronic documents from servers, backup tapes, voicemail and e-mail systems as well as from desktop PCs, laptops, handheld computers and even personal home computers that employees use for business. It's basically no different from requesting documents contained in a file drawer. But that doesn't mean you can simply print out the electronic documents. Courts historically have rejected hard copies when the plaintiff requests electronic documents.
Sites To See
ARMA International, The Association for Information Management, monitors government initiatives in the United States and Canada
At the very least, be aware that copies of any and all data could become evidence for your opponent in a legal action. If you store all data in large document repositories and don't have a data-retention policy and procedures for restricting non-business-related documents and messages, you raise the risk of an inadvertent e-mail message becoming a liability.
Take Microsoft. The company was put on the defensive in antitrust proceedings after the Justice Department uncovered incriminating e-mail messages. Microsoft could have avoided this problem if it had implemented and followed a document-retention policy consistently across its data and e-mail stores. The good news for Microsoft, however, was that it was able to produce from its archives e-mail messages that helped its case--messages that were allegedly deleted from AOL's and Netscape's backup tapes. More recently, Merrill Lynch's lack of an effective data-retention policy caused the firm major embarrassment when an investigation by the New York State Attorney uncovered internal e-mail messages from some analysts criticizing stocks they had been promoting publicly.
So enterprises should limit data retention to the exact sum of its parts--solely those documents and records needed for operational, historical and legal purposes. Institute policies and procedures for managing data repositories so you're prepared and protected in the event of litigation. Your records-retention policy also should distinguish between business and non-business communications, which requires training employees on maintaining the former and deleting the latter. A data-retention policy will hold up best in court if it's enforced consistently across the enterprise.
REPORTS
Analyize In-Line NAC strategies and products.
ANALYTICS Plan and design your enterprise blade server deployments
2009 IT Salary Survey: Meager Raises, Solid Prospects
Though raises are notably smaller than a year ago, and job security’s shrinking, IT careers are looking safer than many others in this economic downturn. Get all the findings in InformationWeek's 2009 IT Salary Survey. Available FREE for a limited time.
REPORTS
ANALYTICS
Follow 
