Record Retention in an Electronic World

February 1, 2007

Employers struggle to reconcile traditional notions of record retention with the task of retaining and locating all of the data and records which were created and stored electronically. Employers should review their record retention and destruction policies, specifically addressing information and records which may be created and stored electronically.

Electronic Records
It is estimated that 93-97% of all information in the workplace is created electronically. Electronic information includes much more than emails and the internet. It includes computer systems, emails, internet, telephone, facsimiles, PDAs, cell phones, pagers, instant messaging, and all the documents or programs created by these electronic devices. Electronic records present potential problems as they can be unknowingly changed or deleted. Many contain information about the creation and modification of the record, called metadata. Additionally, electronic records can become unreadable as time passes and technology changes.

An understanding of certain technical details is critical to understanding electronic records. A computer file is not physically erased when it is deleted. It is a relatively straightforward process to recover “deleted” files, as long as new information has not been written over them.

Electronic documents also contain “data about the data,” called Metadata. Metadata is embedded data in an electronic document that a word processor (or other document creation program) keeps about the history of the document. The recipient of an electronic document can recover the data, which may include confidential information, information the creator thought was deleted, the name of the organization that created or worked on the document, information about prior versions of the document, comments inserted in the document during drafting or editing, your name or initials, your company or organization name, the name of your computer, the name of the network server or hard disk where you saved the document, other file properties and summary information, names of previous document authors, document revisions, template information, and hidden text.

Employers should review how electronic records are created, paying special attention to template documents that are used and saved many times. An employee making a claim against his or her employer may obtain documents in an electronic format and potentially learn information to support the claim. Email correspondence often becomes key evidence for an employee making a constitutional claim, a retaliation claim, or a discrimination claim.

The best approach to protecting yourself from problems with electronic records is to never create the electronic records or additional copies of the records in the first place. Be sure to have a well-drafted acceptable use policy that establishes rules governing internet use, emails, PDAs, laptops, and any other electronic devices provided for your employees’ use.

Document Retention
Federal, state and local laws require employers to retain many records. In addition to the legal requirements, employers also routinely document and retain records of adverse employment actions including discharges, demotions, disciplinary actions, and failures to give routine pay increases. Separate from legitimate business records, electronic records, for example in the form of emails, can become a particular problem for employers.

In order to avoid becoming a warehouse of evidence against yourself, a record retention and destruction policy that is comprehensive, up to date, and followed, is absolutely essential. Of course, a record retention policy must first comply with all federal and state regulations. A retention policy for business records, unregulated by federal and state law, must promote a business purpose and be adopted in good faith. The policy must provide for a reasonable retention period by category of documents and be implemented and enforced evenly. The policy itself should specify what files must be saved and provide a retention period for each class of files. It should specify storage location, storage media, and destruction processes. It should contain an explicit process to secure documents and files in case of litigation to avoid the inadvertent destruction of records.

Tips on Avoiding Liability 

  • Develop a records retention policy which promotes your business purpose.
  • Tailor it to retain necessary business records
  • Be sure all records that are required by statute, regulation, or contract are retained for the appropriate period of time
  • Establish litigation hold procedures to ensure that potentially responsive documents are not destroyed once litigation and/or government investigation is reasonably anticipated
  • Establish procedures to ensure the destruction of appropriate documents as their respective retention periods expire
  • Establish a document destruction policy that is sufficient to address your specific business needs and security requirements
  • Update the retention and destruction policies to comply with changes in technology and the law

Bottom Line
Be mindful of the fact that electronic documents are nearly impossible to completely destroy. A document retention and destruction policy tailored to your business needs and security requirements is essential.

To subscribe to email alerts from Axley Law Firm, click here.