Michael Sands, Chair of the Electronic Information Management (EIM) Group with Fenwick & West, was quoted in the InfoWeek article entitled, "Records Retention: Practice What You Preach."
If your organization is going to claim in court that records aren't available because they've been destroyed, be prepared to back up that assertion with a retention and disposition policy—in writing. You should also be prepared to demonstrate how the policy is implemented and how employees are trained in retention and disposition. When creating the policy, IT, legal, and compliance officers need to be involved, as do line-of-business managers. But don't forget the people who actually create the content.
Whatever you do, don't write a policy and then fail to follow it. "That's arguably worse than not having a policy at all," says Michael Sands. Many in-house lawyers see retention and disposition as a checklist item, he says. They get a sample policy, slap the company logo on it, put it in a drawer, and forget about it. That's dangerous.
"When a company has a 'policy' that they aren't following, they have defined their own standard of care that they have then failed to meet," Sands says, adding that if your opponent can show that you say one thing but do another, you've already lost.
"If you say, 'We don't have e-mail from the following people prior to March 2006,' courts are generally going to accept that as long as it's supported by a declaration from someone in IT explaining retention and disposition policies and practices," Sands says. "A court isn't going to make you prove a negative."