One for the record
One for the record
May/June Edition, 2008: Record retention and electronic records management should be a high priority for Australian businesses and all levels of government.
IT managers and administrators MUST deal with the reality that storage continues to outgrow every other data centre hardware cost. But the issues associated with growing volumes of electronic records clearly affect more than just storage: how are these documents being managed and protected so they can’t be deleted or altered — in the event of litigation for instance — and can be searched and found quickly and accurately when needed?
Is their retention being left to backups (versus archiving with policy-based retention) and is their disposition and destruction being managed or left to the whim of end users?
With more than 80 percent of company communication handled via email and instant messages, directors and managers should be confident that their organisation has policies in place that meet the needs of legislation, statutes and standards at the very minimum.
Many managers may falsely believe that their backup systems will protect them. But documents stored on backup systems can be modified and are not searchable online or easily accessible.
Main drivers
There are a number of important reasons for managing and archiving?electronic records. In addition to the legal and regulatory requirements for keeping electronic records (after all, they carry just as much evidentiary weight as paper-based records), organisations can have their own policy needs for preservation of their corporate memory.
However, while there are sound business continuity reasons for retaining records (and most end users want to keep everything forever), organisations need to balance the benefits of records retention with the costs associated with storage and the potential risk of retaining records.
Australia’s federal and state?legislative system includes a raft of?industry regulations that require organisations to preserve records for minimum periods.
Then there are state-based laws that apply to any organisation with dealings in that state. Victoria is the first state to create a specific document destruction offence whereby a corporation can be prosecuted in circumstances where there was no direct instruction to destroy a document but it was implied by the corporation’s culture. In addition to destroying a document, it is also a crime if they prevent the documents being used in evidence, such as concealment or rendering them illegible. This includes emails and?their attachments.
Litigation ready
Archiving can also mitigate legal risks with legal holds dictating which records should be retained for current and future legal matters. Electronic discovery is becoming increasingly prevalent in litigation and, with the new Federal Court Practice Note due to be introduced from 1 July 2008, organisations need to ensure their technology supports their requirements for litigation readiness.
The Court’s aim is for parties involved in litigation to use technology, policy and education to proactively preserve and manage electronic documents that may fall within a notice or order for discovery.
The enormous costs involved in litigation and court discovery orders — not to mention the adverse effect on reputation and brand — is one reason why companies are implementing electronic archiving software. Even the threat of a legal discover order, which can cost millions to complete, often sees companies settle out of court rather than pay to have it undertaken.
Controversies over emails are increasingly being aired in the media, with many reputations tarnished and large fines imposed. In recent years there have been many companies that have been unable to comply with regulatory or litigation requirements for emails and have suffered as a consequence.
If organisations haven’t already implemented policies and procedures that manage the retention and disposition of their corporate records for e-discovery, then they should commence investigations and conduct an audit as soon as they can.
A process that automatically enforces policies is essential to ensure a compliant framework throughout the organisation. This facilitates expert recall for legal discovery and compliant destruction for ongoing risk mitigation.
Ideally, the framework implemented would comprise a centralised and integrated archive that would not only manage the retention of all electronic records, regardless of its originating application, but also their destruction, which is equally important. This would include not just emails, but all other electronic records including instant messages, desktop documents, ERP systems, images, voice and video.
There is no “silver bullet” to records retention. Organisations need to ensure the right combination of process, user education and technology to enforce corporate-level policies.