May 18, 2016 DEFENSIBLE DELETION TO DOWNSIZE YOUR DATA A Roadmap to Better Litigation Preparedness and Records Retention Practices
Anthony L. McElynn E*TRADE Chief Compliance Officer Robert Fowler, CIPP/US Jordan Lawrence Director of Professional Services Daniel M. Braude Wilson Elser Partner
Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance
Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance
Heeere s Johnny the Plaintiffs
A litigation cost differential may sometimes enable plaintiffs attorneys to engage in practices that resemble extortion. Prof. John C. Coffee, Jr. (1987)
E-Discovery Goal No. 1 Stay Out of Trouble ESI Preservation Practices
E-Discovery Goal No. 2 Control Costs Minimize Document Review Efforts
Data Minimization Potential Savings Offsite Records Storage Apply Retention Rules Eliminate Over Five Years 60% Over Three Years Electronic & Email Initial Volume Correction Manage Growth by Enforcing Policy 30% Over Three Years E-Discovery Reduce Volume of Discoverable Info Minimize Discovery Scope 25% Per Event System Performance Less Data to Process Retire Legacy Systems Significant
Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance
REGULATORY WHERE CLASSIFICATION STORAGE MEDIA BUSINESS NEED PRIVACY RECORD TYPE DNA SOURCE RETENTION USAGE MOVEMENT APPLICATION SENSITIVE
Accident / Incident Records Best Practice Retention: 5 Years 29 CFR 1904.33 Distribution Centers HR - Benefits Facilities HR - Regional HR Compensation Manufacturing Operations Health Information Government ID s Beneficiary # FMLA Dates of Service Patient Name Patient Address National ID Card # Partial Social Security # Social Security # Personal Information Financial Information Age Name Email Address Marriage Status Physical Address Telephone # Insurance Information Retirement Account Third Party, Cognos, SharePoint, Oracle Archive, Desktop, Email Inbox, Laptops, Printed, Shared Drives Box Warehouse, Department File Cabinet, Secure File Cabinet Applications Email Paper Employment Information Employment ID Employment Status Handicapped Status Medical Conditions Other Corp - Legal Actions EU - Health Status CDDVD, Laptops, Shared Drives Unstructured
Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance
Make Retention Rules Practical EASY TO UNDERSTAND. ENABLES ENFORCEMENT. BEST PRACTICE RETENTION. NO GUESSWORK INDUSTRY STANDARDS PROVIDE DEFENSIBILITY. CLEAR DIRECTIONS ENABLE COMPLIANCE. 18
Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance
Retention Rules For All Information VALID BUSINESS RECORDS LEGITIMATE RETENTION NEEDS OPERATIONAL INFORMATION RETENTION VALUE VARIES MOST INFORMATION HAS LITTLE RETENTION VALUE
Email Retention Rules Create an Actionable Email Strategy Non-Essential Emails NO LEGAL OR BUSINESS REQUIREMENT Inbox = 180 Days Sent = 180 Days Deleted = 180 Days Email Sub-Folder EMAILS CONTAINING BUSINESS VALUE Business General = 18 Months Exceptions BASED ON ROLE, FUNCTION OR DEPARTMENT Legal = 10 Years C-Level = 6 Years
Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance
People Process Technology Controls Change the Culture
People Process Technology Controls Focus on Business Needs
People Process Technology Controls Avoid Rules Without Tools
18 Months People Process Technology Controls RECORDS NON-RECORDS 6 Years 6 Years 3 Years 3 Years 18 Months Avoid Rules Without Tools
People Process Technology Controls Employee Training & Compliance Monitoring
Tracking Compliance
Show Your Work
Anthony L. McElynn E*TRADE anthony.mcelynn@etrade.com Chief Compliance Officer Robert Fowler, CIPP/US Jordan Lawrence rfowler@jordanlawrence.com 636.778.1681 Daniel M. Braude Wilson Elser daniel.braude@wilsonelser.com 914.872.7210 Director of Professional Services Partner
Thank you!
Anthony L. McElynn E*TRADE Chief Compliance Officer Anthony (Tony) McElynn is the Chief Compliance Officer for E*TRADE Capital Management, a registered investment adviser with approximately $3.2 Billion in assets under management. Tony is also currently leading the development of E*TRADE s compliance infrastructure to adhere to the DOL s new fiduciary regulation. From 2013-2015, Tony helped develop the records management program for E*TRADE which established new protocols for record retention and destruction. Prior to his appointment as Chief Compliance Officer in 2011, Tony was the Director of National Retail Services (NRS) at E*TRADE. While head of NRS, Tony led the team that created and launched E*TRADE s discretionary managed account products and also oversaw the front-line control infrastructure for E*TRADE s retail business. He earned a bachelor s degree from Villanova University and currently holds his Series 7, Series 8, Series 24, and Series 66 licenses.
Robert Fowler Jordan Lawrence Director of Professional Services / CIPP/US Robert Fowler is a Director of Professional Services at Jordan Lawrence, a leading solution provider for records retention, data privacy and information governance. He has over 10 years of experience in records management and information governance. Robert advises in-house counsel, compliance and privacy professionals in the areas of records management, data privacy and e-discovery and the confluence of technology in these areas. He plays a key role in the success and oversight of developing and enforcing effective, defensible and cost effective information governance programs that address information across all platforms and media.
Daniel M. Braude Wilson Elser Moskowitz Edelman & Dicker LLP 150 East 42nd Street New York, NY 10017 Tel 212-490-3000 New York Metropolitan Offices: 1133 Westchester Avenue White Plains, NY 10604 Tel: 914-323-7000 Dan Braude, co-chair of Wilson Elser s e-discovery team, centers his practice on complex litigation involving product liability and commercial disputes, with an emphasis on related electronic discovery and document preservation issues. Focused on the information lifecycle, Dan addresses the challenges associated with changing technology, cloud computing, and related data privacy and information security issues. In addition, Dan is a Certified Information Privacy Professional (CIPP/US) and he serves as an Adjunct Professor at Pace University School of Law where he teaches a course on e- Discovery.
May 18, 2016 DEFENSIBLE DELETION TO DOWNSIZE YOUR DATA A Roadmap to Better Litigation Preparedness and Records Retention Practices