Managing Your Record Retention Policy Safely

Transcription

1 Managing Your Record Retention Policy Safely

2 Client and counsel have a duty to preserve materials with potential evidentiary value. The preceding discussion told us about the duties of lawyers and clients when dealing with data, paper or electronic, in proceedings: criminal, civil or administrative.

3 Duty to Preserve When does the duty to preserve materials with evidentiary matter attach? Concerning attachment, consider the concept of a trigger point: A point in time where the client, and/or the lawyer, knows enough to reasonably anticipate a proceeding involving the client where the client must preserve relevant data.

4 When might a trigger point occur? When the client hears of investigators in the field. When whistle blower reports appear in the press. When agencies begin private or informal inquiries, When the client receives an agency investigative demand, a Grand Jury subpoena or an indictment. When the client is served with a summons and a civil complaint or a criminal summons and indictment.

5 At all these points and others, the duty to preserve evidentiary matter applies. Let us consider the client s opportunities and obligations at four points in time: before proceedings threaten, when proceedings are imminent, when formal proceedings begin and after the data request arrives:

6 Before Proceedings Threaten Be alert for any event that triggers client s preservation obligations Offer the client a record management education Identify key client IT personnel Identify key client line managers Implement client s record management plan Evaluate client s document destruction and retention practices, back-up protocols, tape rotation and recycling schedules, etc. Encourage regular client audit of discovery compliance and practices Anticipate an eventual client discovery obligation

7 Here are some major elements of the client s record management plan:

8 Main Reason for Improper Destruction Poorly designed record retention programs Record retention program not administered properly Record retention program no audited properly

9 When Should Record Destruction Be Suspended? The record retention policy must contain specific directions about when and to what degree the record retention program should be suspended All compliance with the record retention policy should be documented Regular auditing of the record retention policy will assure that records are actually being destroyed/retained pursuant to the policy

10 Process for Destroying Records A record retention policy should provide specific guidance on the process for destroying records. Including the time of file reviews A description of circumstances in which records can be discarded or shredded Identification of individuals who have authority and responsibility for destroying records

11 Procedures for Destroying Records Notice of intent to destroy Monitor transfer of records Monitor destruction of records

12 Anticipatory Obstruction If you know that a subpoena will be coming, you may violate the obstruction of justice statute

13 Solution for Avoiding Problems The record retention program must be routinely followed, not just when there is a problem Non-destruct memoranda should be sent to employees if an investigation is anticipated Create a record retention policy at a neutral time where possible Manage and audit the record retention policy to insure compliance is to be done regularly (e.g. issue periodic reminders) The Arthur Andersen jury foreman stated that the shredding showed that AA had not trained its people very well

14 18 U.S.C. Section Sarbanes- Oxley Whoever knowingly destroys or conceals a document with intent to impede an investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States may be imprisoned up to 20 years.

15 When Proceedings Are Imminent Alert client IT and records management persons about document preservation obligations to identify and preserve potentially relevant data Alert company management to distribute an internal non-destruct memorandum Determine the need for forensic discovery assistance Consider an exchange of data preservation notices where possible

16 Government Requests Information Identify documents and data to be produced Select a records custodian Develop a process for producing documents Produce the responsive documents Preserve and assert attorney-client/work product privileges Avoid improper destruction

17 Benefits of a Legal Freeze Preservation of key facts necessary to advise the company Prevent obstruction of justice allegations

18 Implement a Legal Freeze Send a non-destruct memorandum Formally communicate with all employees that have relevant documents

19 Contents of a Non-Destruct Memorandum Clearly identify the types of documents to be preserved Have the memorandum come from high-level officials Identify all recorded information, such as electronic data Identify a person who employees can contact with questions

20 Select a Records Custodian to Gather Requested Records Send memorandum to records custodian documenting her/his tasks Non-Lawyer No knowledge of facts

21 Tasks of the Records Custodian Identify all departments, offices and employees with potentially responsive documents Identify former employees who may possess responsive documents Consult with IT personnel to develop a search protocol for responsive computer data Segregate all documents produced so that they can be identified by source Keep all documents in a locked room with limited access Bates label all documents with control numbers Copy and produce copies rather than originals where possible

22 Records Custodian Sends Memorandum to Employees Paraphrase the specific language of the subpoena so that the employees can identify relevant records Instruct employees to thoroughly search all files and computer records within their possession, custody or control in a non-destructive way Instruct employees to identify documents that may contain attorney-client privileged information Identify a specific date for the employees to produce relevant documents

23 Send Questionnaires to Employees Have each employee identify the types and categories of responsive documents in their possession or that they are aware of Have each employee identify responsive documents that are off site Have each employee complete a questionnaire to develop a strategy and information

24 Benefits of Questionnaires They identify persons who have knowledge of particular transactions They can reduce costs by eliminating persons who do not have relevant information

25 Contents of the Questionnaire Questions should require a yes or no answer The questions should ask whether employees have knowledge of particular transactions Whether the employee participated in the transaction Whether the employee has documents that could be relevant to the subpoena

26 When Formal Proceedings Begin Prepare to discuss e-discovery issues during any pre-discovery, pretrial or prehearing conference In federal civil proceedings for FRCP Rule 26(a) e-data disclosures Prepare to discuss e-discovery issues at the FRCP Rule 26(f) conference Determine if you will propound e-discovery requests to the opposing party(s) Schedule a FRCP Rule 30(b)(6) deposition Ensure document requests include electronic data Ensure document requests focus on specific custodians, time periods, and key issues Determine choice of document production format

27 Reviewing Records Collected from Employees Identify objective factors that all team members can use for selection, such as information sent to a particular person or within a particular time period

28 Analyze the data request After the Data Request Arrives Identify relevant locations and custodians of information Gather responsive information efficiently and defensibly Review materials for relevance and privilege or other potential objections to disclosure Produce required information in an appropriate format, on appropriate media

29 Record Review Segregate and classify documents Preassembled documents (e.g. minutes of meetings) Employee files (e.g. and memoranda) Raw corporate data (e.g. receipts, checks and bank statements) Third party documents

30 The Attorney-Client Privilege: Maintaining Confidentiality The attorney-client privilege prevents an attorney from disclosing information to anyone other than his client if the Information is privileged.

31 Attorney-Client Privilege Defined Communications made in confidence Between a person who is or is about to become a client To a lawyer For the purpose of obtaining legal advice or assistance

32 Attorney-Client Privilege Log Identify all privileged documents Compile a privilege list The privilege list will contain date, document and subject All documents will be bates labeled

33 Kroll Ontrack s Top Ten Data Collection Pitfalls At this point it is appropriate to consider: Kroll Ontrack s Top Ten Data Collection Pitfalls

34 No. 1: Failing to Have a Data Collection Plan A data collection plan should include: Relevant information sought Potential data locations and key players Internal and external contact information Procedural guidelines Documented chain of custody instructions An inventory of forensic tools A summary of anticipated business continuity issues and resolution plans

35 No. 2: Failing to Prioritize the Data You must thoroughly define the scope of data collection by identifying and prioritizing the following: Who? List of custodians/key players Why? Computer forensics or electronic discovery What? Workstation, NWS, department share, server , local When? Current and/or historical data How? Corporate IT, law firm, 3 rd party

36 No. 3: Neglecting to Conduct Thorough Interviews You must sit down with IT and thoroughly interview them.

37 No. 4: Ignoring Key Data Locations & Important File Types Consider more than or word documents. You may choose different collections for different groups. Potential sources of relevant data may include: Workstations File share and network share Archival tapes systems attachments Hosted Other physical locations

38 No. 5: Having IT Perform on Onsite Collection An IT person should not perform an onsite collection if it: May raise conflict of interest concerns May lack requisite training and skills May lack tools and equipment to handle the job May be unable to handle the additional workload

39 No. 6: Do-It-Yourself Data Collection Untrained individuals should not attempt to perform data collection.

40 No. 7: Dangerous Desk-side Collection Dangerous desk-side collection practices: Forwarding to a central box for collection Directing employees to print relevant documents themselves

41 No. 8: Failing to Mirror Image vs. Imaging Excessively A mirror image is necessary when conducting an investigative and detailed analysis. A mirror image is not necessary when data is accessed but not analyzed.

42 No. 9: Ignoring Alternative Names Relying on one version of a name for data collection may cause you to miss crucial data. You may have data collection issues with a person s names or ID numbers.

43 No. 10: Failing to Maintain Proper Chain of Custody What media was received Who authorized its removal Who the users were.

44 ANY QUESTIONS? Bob Webb Frost Brown Todd LLC 400 West Market Street 32 nd Floor Louisville, KY (502) Ken Tuggle Frost Brown Todd LLC 400 West Market Street 32 nd Floor Louisville, KY (502)