Document retention may sound as exciting as watching concrete harden, but bear with me.
Document retention has become a hot button item in the courts these days.
If your bank is a party to litigation, or reasonably anticipates becoming one, it has a duty to put a "litigation hold" on all documents that might potentially be relevant to the dispute. The term "document" is media-neutral: it includes e-mails and other electronically stored records, as well as information stored on employees' phones, iPads, and other personal communication devices.
Recently, the U.S. Department of Justice initiated a criminal action against an employee who intentionally deleted 100 text messages between himself and his supervisor from his iPhone, when he learned that his electronic files were being collected in connection with a "litigation hold."
That employee faces up to 20 years in prison and a maximum fine of $250,000.
The E-discovery monster
The problem is that electronic technology allows us to create, send, and store huge amounts of information at little or no cost. Data that no longer serve a useful purpose are kept just because it is too much trouble to sift through them and delete them.
However, if the information still exists, it must be produced in discovery, no matter that your document retention policy says it should have been destroyed years ago. Even if it is not damaging to the bank's position, the costs of collecting, processing, and producing electronically stored information are enormous.
E-discovery is the scary downside of not having a comprehensive document retention policy, or worse, not following the policy you have.
Drafting, updating, and enforcing a document retention policy is one of those unglamorous but essential tasks I seem to have been harping on recently (see "Time to Schedule an HR Checkup" and "Bank Employee Handbooks: What to Look Out For").
Three steps to an effective document retention policy
I hope what I've said has you thinking hard about retention policies. If you don't have one, create one--today!
1. Define your terms. A "record" is information that the bank must retain for business reasons (for example, to record a transaction, to evidence the bank's rights or obligations, or to ensure operational continuity) or to satisfy legal, accounting, or other regulatory requirements.
"Disposable information" is not a "record." It can and should be destroyed after it has served its temporary useful purpose. An example might be notes taken of a candidate's responses during a hiring interview. Once all candidates have been interviewed and a selection made, there is no need to keep these notes.
2. Create a records retention schedule. Once you have separated records from disposable information, make a chart that lists the type of record and the amount of time the bank must retain the record.
Unless there is a pressing business reason to hold onto records for longer than the legally required minimum retention period, let that be the maximum period too. (Note to subscribers: ELC's Bankers' HR Toolkit contains recordkeeping requirements for employment records.)
3. Assign roles and responsibilities. Establishing or modifying the document retention policy is typically the task of a committee involving employees from the Compliance, HR, and IT departments. Once the rules are in place, it is a good idea to designate an individual within each branch or department as the records coordinator to help ensure compliance.
The records coordinator should be familiar with the relevant records and their retention periods. This person will know the most about information management challenges at their location, and will be able to answer questions from colleagues. They will be familiar with the procedure for suspending routine document destruction when a litigation hold is put in place, and will be able to help if documents need to be identified, collected, and produced in discovery.
However, all employees share the duty of understanding and complying with the bank's document retention policy. To this end, the policy should be written in clear and simple terms, and you should educate employees about how to identify and maintain information that has a business purpose.
The comprehensive approach
While the theme of this blog is to warn against unnecessarily retaining electronic information, an effective document retention policy goes well beyond that. As well as adopting programs that regularly delete e-mails, instant messages, text messages, and voicemails, consider how the bank addresses the entire information lifecycle: data creation, transfer, identification, retention, retrieval, and destruction.
- How could these issues be handled more efficiently?
- How does the document retention policy coordinate with other policies, such as privacy, or employee computer use?
- What is the impact of technology updates or organizational changes on the document retention policy?
For those who want to research this topic further, the two leading authorities on information management are the Sedona Conference, which has published Guidelines available here, and ARMA International, whose Generally Accepted Recordkeeping Principles are available here.
And in your spare time ...
Yes, I know, HR professionals at community banks are already busy putting out fires, getting payroll done, answering benefits questions, screening job candidates, and riding herd on performance appraisals.
If only you had the time to step back, evaluate, and update the bank's document retention policy, you think.
This is one of those tasks that seem non-essential, but carry a significant risk for the bank in the event that it is involved in litigation or a government investigation.
Then it will be too late to delete those ancient e-mails.