January 1, 1900

by Susan E. Inverso

While computers have become the key method of records retention in virtually every industry within the State of New Jersey, many corporate decision-makers are unaware of the vulnerability of their enterprise with regard to litigation. It is essential that all business owners consider the legal requirements of record retention and establish a compliance program to guard against allegations of wrongdoing. New Jersey business owners must be aware that they will only be protected from costly litigation by fully complying with the legal requirements for electronic record keeping.

Many business owners do not consider their compliance and how their business will be affected in the event of litigation. In litigation, information in the possession of the company, including electronic information, is discoverable. At the outset, an attorney should request a copy of the company's records retention policy manual. Then, the attorney may request specific details as to the methodology and implementation of any technology, including information regarding any records retention audits. It largely will be the responsibility of the personnel in charge of records retention and disposal to respond to these requests, whether through written questions or oral testimony. Therefore, it is essential that those responsible for records retention be well aware of the requirements of the law. Only through diligent records management can a business successfully defend a claim of liability or spoilation of evidence. It is up to the company to show that it is in compliance with its records retention policy, and such a responsibility cannot wait until the company has been sued.

Many companies, unfortunately, are not sufficiently familiar with the information that they possess. Even if a company is computer savvy, it may not be aware of the full extent of the backups on its computer system. And if a company is not sufficiently aware of the information contained within its computer system, it may be unable to comply with its records retention policy.

Creation and Enforcement of a Records Retention Policy

Initiating a records retention policy is crucial to the operation of even the smallest company. Most large corporations will have policies and, within the company, a records management group must be established to insure compliance with these policies. As such may be a difficult task, it requires the cooperation of the employees of the company. Compliance with a records retention policy is not simply the work of the records management group, but of every company employee.

A company's records retention policy must be enforced to the fullest extent permitted by the policy. Unless a company can demonstrate strict compliance with its records retention policy, it cannot use such policy to claim it possesses no documents. For example, how would it look to a jury if a company still has in its possession a 20 year old document. The implication can be devastating. The company could at the very least be exposed to further and unwanted investigation into its practices and procedures and at the worst, may be unnecessarily exposed to liability. Thus, even if a company has nothing to hide, document mismanagement and noncompliance with a records retention policy may result in unnecessary costs to the company.

Obstacles to Compliance

There are two main obstacles which stand in the way of compliance with a records retention policy: first, software which is not cognizant of or addressed towards records retention issues; and second, inadequate employee training with regard to records retention issues.

In discussing records retention policies and the difficulty of compliance in the modern workplace, a business must consider all of the electronic data utilized, document imaging, document management, electronic mail (e-mail), word processing, accounting and backups.

With document imaging, for example, consider that documents with different retention schedules may be saved on the same permanent media (such as a compact disc). This may prevent a company from disposing of documents in compliance with its records retention policy as it would either have to wait until the latest retention date to dispose of the permanent media or have to undertake the costly and time-consuming task of selectively destroying or resaving documents on the permanent media. Another problem encountered with document imaging is that some companies destroy only the index or only the documents, but not both. Such practice is insufficient. The index may prove almost as valuable, or perhaps more so, than the documents themselves.

With document management, some companies run into the similar problem of only disposing of either the documents or the indices. Once again, this practice is insufficient. Both the documents and the indices must be disposed of, or the company may not be able to claim that the documents have actually been destroyed and that it has complied with its records retention policy. This can be an easy problem to solve. Most document management systems can be easily programmed to comply with a company's records retention policy. The fact is, though, that many are not.

With e-mail systems, while they are usually purged on a regular basis, individual employees may save their e-mails, and backups often exist of all e-mails on the system. Further, information is often not deleted from a hard drive until the space which is occupied is overwritten. All employees granted access to e-mail program should be made cognizant of the corporate policy on e-mail retention.

Sometimes the backup may be periodically archived in an off-site location, and often the backups are kept for a longer period than the records lifetime of some of the information. Occasionally, backups are kept permanently in violation of a company's records retention policy. A company is not in compliance with its records retention policy if it is saving backups of information beyond the set retention schedule. Companies should have just as strict, well-documented procedures for the destruction of its backups (or other documents) as it does for the preservation of those same backups (or documents). Generally, large corporations receive a Certification of Destruction from a certified destruction agent in order to demonstrate that materials have been disposed of properly.

A related issue is the existence of off-site work within the company. For example, many companies allow and even encourage their employees to work at home (whether in the form of documents or electronic information). Many times these employees have their own home computers or portable laptop computers. Either way, most companies do not take steps to insure that the employees are complying with the company's records retention policies. If the company does not keep track of information which the employee takes home, the failure to track such information may have tremendous consequences. Another problem may arise when former employees retain information long after they have ceased working for the company. This is an extremely difficult problem to solve, but it must be attempted to any extent possible for the same reasons. While this is not to say that employees should not be allowed to work outside the company's facilities, the company should have a procedure to keep track of such information. Such procedure should be documented, and all employees should be trained in its requirements; otherwise, the company may not be in compliance with its records retention policy.

In conclusion, the time, effort and expense necessary to strictly maintain a records retention policy serves not only to organize a company's records, but also to protect the company in the event of litigation. In the event a business owner is not cognizant of the state's requirements or has not established a records retention policy within the business, immediate measures should be taken. It is always wise to have legal counsel review such measures to ensure legal compliance.

Susan E. Inverso is an associate of Hill Wallack where she is a member of the Litigation Division and the Administrative Law/Government Procurement Practice Group.