eDiscovery Daily Blog

• October 25, 2010

 

Tell me about yourself and your experience.  I am a professor of law and ethics at Regis University College for Professional Studies in Denver, Colorado. The opinions expressed in this article are mine and are based upon my 25 years of experience consulting with public and private organizations.

Why is records management so important within the scope of eDiscovery?  Records Management is a sub-set of an organization’s overall information management. Take a look at the Electronic Discovery Reference Model (EDRM). Information management is on the far left-hand side of the model. An effective records/information management program is the most effective way for a company to reduce the volume of data that will become snagged in litigation hold, collection, production, and attorney review.

What are the most important concerns about corporate records and information management?  Organizations should be concerned about managing their corporate records for two main reasons: (1) the risk associated with regulatory compliance and litigation hold requirements, and (2) the cost of reviewing data to identify potentially relevant documents associated with litigation or an investigation.

What are the main risks associated with regulatory compliance and litigation hold requirements?  There are thousands of recordkeeping laws and regulations. A sound corporate records and information (RIM) program must be based upon legal research that identifies the applicable regulatory requirements (federal, state, and industry specific). Retention or destruction requirements apply to commonly encountered corporate records, such as job applications, employee medical records, and tax returns, as well as to the distinctive recorded information associated with specific industries, such as banking, insurance, pharmaceuticals, healthcare, energy, and telecommunications. Further, certain business records are subject to privacy legislation and regulations that protect personal information from unauthorized disclosure or use. Examples of U.S. laws with such privacy provisions include the Fair Credit Reporting Act (1992), the Health Insurance Portability and Accountability Act (1996), and the Gramm-Leach-Bliley Act (1999).

In addition to retaining corporate information to support a regulatory requirement, organizations must hold information that may be potentially relevant to litigation or an investigation. As a matter of fact, it is illegal for any organization to knowingly and intentionally destroy records relevant to pending or ongoing litigation or government investigations, even though their document management policies would otherwise permit such destruction. For public companies, the Sarbanes-Oxley Act of 2002 includes additional recordkeeping provisions and mandated retention requirements for certain types of records. It also criminalizes and provides severe penalties for executives and employees who obstruct justice by destroying or tampering with corporate accounting records. Most notably, the Sarbanes-Oxley Act created a new federal crime for the destruction, mutilation, or alteration of corporate records with the intent to impede or influence a government investigation or other official proceeding, either “in relation to or in contemplation of any such matter or case.” This provision expands upon previous laws relating to the destruction of records with presumed intent to obstruct justice.

How do you justify the cost of a good records management and information program?  With regards to litigation, size does matter. The cost of the litigation discovery process has a direct correlation to the volume of potentially relevant documents related to the matter. The smaller the population of potentially relevant data, the lower the costs will be from vendors to process the data into a searchable database and the lower the fees will be from outside counsel to review each email or document. Most organizations do not have an automated means to identify, collect, and preserve electronically stored information (ESI) based upon search criteria (key words, document type, document date or author). We hear the terminology megabyte, gigabyte, and terabyte used with regards to storage capacity of network servers, computer hard drives, and even portable “thumb drives.” To cost justify a budget for a new records/information management program, it’s important to convert the MB’s, GB’s. and TB’s into something to which management can relate. One megabyte of user documents is approximately one ream of paper. One ream of paper wouldn’t take the lawyers too long to review. However, one gigabyte of user documents if printed would be the approximate length of a basketball court and would require a team of lawyers to review. One terabyte of user documents if printed would be the approximate length of Long Island. It’s easy to see the economic and strategic advantage for an organization to be able to identify the smallest legally defensible data population (without duplicates) prior to handing over the data to vendors for processing or outside counsel for review.

About Kirke Snyder

Kirke has earned a law degree and also a masters degree in legal administration. He is an expert in document retention and litigation electronic discovery issues. He can be reached at KSnyder@Regis.edu.