New Fed IT Rules - What to Save and What to Dump

January 04, 2007

Robert Brownstone, Law and Technology Director at Fenwick & West, exposes common myths about the new information destruction regulations and explains the legal risks of document retention and destruction in an article for Information Technology Advisor. Among the myths are that courts require companies to keep a copy of all electronic data, including email, that eDiscovery demands all relevant data be copied and sent to an a opponent in a lawsuit, and that data can be converted to other formats for easy transfer.

While it is not necessary for companies to hang on to every bit of data, they should develop well-crafted retention and destruction policies in order to protect themselves from legal risks. These policies may be tailored to fit each company's business needs. In general policies should:

  • Require data retention for statutory or regulatory periods
  • Employment and labor regulations
  • Audit and tax data rules (usually 7 years)
  • Contracts
  • Patent correspondences
  • Engineers' records
  • Corporate historical data

A good policy will also include a detailed litigation-hold or purging suspension procedure. In some cases, Brownstone also recommends that companies maintain a "privilege log" to explain to a judge why certain information, such as that which reveals attorney-client privilege, trade secrets, or private customer data, should not be disclosed.

Finally, Brownstone recommends that the best e-discovery defense is a good offense. In order to avoid a "smoking gun" email, users should be trained to not send an email that they would not want printed in the press, on a competitor's desk, in the government's hands, or read on a witness stand. At the end of the day, what does not exist cannot be used against you.

Read the entire article here.