Some years ago, an attorney hired a CPA to help him build a case against another firm. The case seemed cut and dry and to prove it, the attorney and CPA sought to obtain the defendant firm’s audit records for the prior three years. There was just one problem – all the records had been destroyed.
Upon first glance, the CPA was aghast that such records wouldn’t be retained for at least three years, but the wisdom soon became apparent. The defendant was a national firm that had learned from years of experience that the sooner it could dispose of records, the better. In this case, the firm’s record retention policy stated that work papers related to former clients would be kept for only one year after the date of the last work performed. Since the defendant firm strictly followed its retention policies, there was no way to claim that the record destruction was designed to destroy potentially damaging evidence - and the lawyer’s case fell apart.
This one case highlights the extreme importance of establishing and following a viable records retention policy. In this case, it was relatively easy for the firm to enforce its policies, as the records in question were all paper records. Today, however, document storage and retrieval is far more complex, since the vast majority of business correspondence either originates, or is stored, electronically. All you have to do is ask Martha Stewart how important an e-mail can be in losing a legal battle and you can understand the risks in electronic communication.
In the good old days (i.e. the days when records were predominantly paper), it was far easier to keep track of your inventory of documents. All you had to do was walk down to the file room and there they were. Today, there are numerous places where documents can be stored, both internal and external.
External sources that might put you at risk originate, in large part, from e-mail and online collaboration. How many times have you received an e-mail response to a business question from a third party? More importantly, how many times have you forwarded that e-mail to one or more colleagues? If you are likely to forward an e-mail to someone within or without your organization, remember that the people receiving e-mail from you will do the same thing. The same holds true of drafts of contracts and other business documents produced in the course of negotiations. What do you want to bet that the other party to a negotiation keeps drafts of contracts?
Internal risk sources include every computer in your company and every keystroke on those computers. Many people believe that simply pressing the delete key will remove evidence on their hard drive. This could not be further from the truth - what it does is remove the address of the information from the computer, but not the content. It’s like having an unlisted telephone number - the average person might not easily find your number, but you still have a telephone.
Employees are a huge source of internal risk. Let’s face it, even though the office e-mail is meant to be purely business, personal conversations often crop up, if only between co-workers. Inter-office communications, the cyber equivalent of water cooler banter, can take on a whole new meaning in a court of law.
Seldom is a business communication finished in one sitting or without starting from some form of note. Notes supporting business communications and drafts can be another source of risk in the electronic age.
One rule of evidence is that you can never destroy documentation once litigation is reasonably anticipated. While lawyers will argue over what “reasonably anticipated” means, if we laymen think there may be litigation over an issue, we need to think long and hard before destroying any documentation. This can be particularly problematic with electronic records because of the number of places documents can hide. Even the simplest of errors, like overwriting a tape during a routine daily backup, or an employee’s inadvertent deletion of an e-mail or document, could have tremendous negative ramifications.
Failure to maintain adequate controls and document retention policies have resulted in judges giving “adverse inference” instructions to juries. Essentially, an ‘adverse inference instruction’ means that the jury can consider a defendant’s failure to produce requested electronic documentation as an indication the records would have been harmful to the defendant.
Document retention policies that define what data is retained, and for how long, can go a long way in rebutting the presumption that documents were destroyed to hide evidence. A good place to start with such a policy is to define what documents even need to be retained. For example, how long will you keep invoices or an e-mail? Legal requirements of state and federal agencies with jurisdiction over your business also need to be considered.
The purpose of this article is not to give you a detailed listing of documents and how long they should be retained. Rather, it is intended to help you understand the importance of establishing and monitoring a viable record retention policy. When the stakes can potentially be as high as losing your business, it’s apparent that proper handling of your information is crucial.
Have a terrific Thanksgiving.