CSO

Following up on my last posting, this week I talk about the basic elements of a document retention policy.  While a review of the broad range of applicable laws cannot be addressed here, there are certain general guidelines for the establishment and implementation of a retention program that should be considered in developing a policy:

• Records should be kept as to the decisions made in creating the policy (i.e., the thought behind which documents will be retrained and for how long).
• The policy should clearly define the types of documents to which it will apply.  In particular, electronic documents such as e-mail and Instant Messaging should be specifically identified.  If certain electronic documents are to be stored in designated locations, those locations should be clearly identified.
• The retention period for each type of document should be listed.
• Procedures should be provided for excepting certain documents from the program (for example, copying files to a specified directory on the LAN used to store important “permanent” files).
• The policy should describe how the retention program will be implemented (for example, the network will be programmed to automatically delete e-mail more than 60 days old).
• An individual or group of individuals should be specified as being responsible for maintaining the program and responding to questions about its implementation.
• An audit procedure should be developed to ensure the retention policy is properly implemented.
• In the event of a pending or threatened claim that would give rise to an obligation to retain documents that might otherwise be destroyed, procedures should be specifically defined for exempting those documents from the destruction process.
• Perhaps the most important guideline for implementing a retention program is to establish procedures to ensure the program is uniformly applied.