There is a records retention crisis in the world of business.
We know of large organizations that have more data in their IT systems then they have back up cycles available to preserve it. At the same time, these organizations have warehouses full of paper, some of it going back 50 to 75 years. We have also seen organizations that have many hundreds of thousands of tapes in storage, some of them 25 years old (and for which they no longer have the hardware or software to make use of the tape). This torrent of information is growing ever larger (See e.g., George L. Paul and Jason R. Baron, Information Inflation: Can the Legal System Adapt? 13 RICH. J.L. & TECH. 10 (2007), http://law.richmond.edu/jolt/v13i3/article10.pdf
Notwithstanding this ever-growing torrent of information, organizations have an obligation to identify, classify and, in many cases, produce this information for purposes of regulatory compliance and eDiscovery. The common wisdom and advice to organizations facing this situation is to start by putting a Records Retention Schedule in place. The underlying philosophy behind a Records Retention Schedule is to keep what you need to keep to run your business and to comply with the law while disposing of everything else. The standard retention period usually ranges between 30 days (especially for email and other messaging media) to 10 years – all subject to suspensions of the clock for Legal Holds. At the end of this period, records are subject to “disposition” actions, Records Management speak for either determining to keep something in perpetuity (typically for corporate vital records) or destroying the records.
In the face of this difficult challenge to bring order to what IBM likes to call the “digital landfill’ some clients ask, “why bother?” Given that courts or regulatory enforcement agencies only penalize organizations if they have destroyed or failed to produce what is required, they ask, “Why don’t we just keep everything?” Admittedly, IT rather than Legal folks typically pose this question because for IT folks keeping everything simply translates into more IT capacity and they are rarely averse to adding more IT capacity. So then, here are six good reasons not to just keep everything:
- It increases litigation costs.
In a well-known case study DuPont examined the corpus of documents it was producing in nine litigations. They found that 50% of the records they were going to produce were past the date of ‘disposition’ according to DuPont’s Records Retention Schedule and that the cost of this over-retention for just the litigation support fees in these nine cases was approximately $12 million. Extrapolate this number, year after year, to the number of cases in a typical litigation docket of a large corporation and you are talking about very large amounts of money.
The increase in litigation costs is not just for litigation support processing costs; documents are fodder for discovery. Every additional document kept and produced that need not be kept translates into more depositions, more questions in each deposition, more interrogatories, requests for admission, etc. It is probably no coincidence that one well known music company president I knew kept no personal documents except for his calendar; he was a former litigator and know how much additional time he would spend in discovery if he kept an office full of documents. He sent everything he wanted to keep to corporate files and trashed the rest.
- It potentially increases liability
Some people are of the opinion that keeping everything provides the ability to find the “white knights’, the exculpatory documents that will win the case, but a 2006 survey by Lawyers Weekly found that 4 of the top 10 jury verdicts in 2005 were directly related to ‘smoking guns’ discovered in email systems. It may well be that these emails were properly retained under a corporate retention program but given the 50% over retention figure noted above, in all likelihood some were unnecessarily retained.
So, is it impermissible to set up a retention program partially motivated by keeping records out of the hands of some future litigant, absent a particular preservation obligation?, not according to the Supreme Court. (See, Arthur Andersen LLP v. U.S., 544 U.S. 696, 704 (2005) “‘Document retention policies,’ which are created in part to keep certain information from getting into the hands of others, including the Government, are common in business ….”).
The liability issues are not solely litigation related, the more records you maintain without control, the more risk you entertain with respect to privacy, secrecy, copyright, disaster recovery and other information management issues.
- It increases infrastructure costs
One of the dirty little secrets of over-retention addicts is that they are not simply keeping everything; they are keeping 20 copies of everything. With the growth of the markets for email and application data archiving solutions, both Gartner and Forrester have reviewed the state of over-retention and have concluded that it is a good planning parameter to assume that there is a 20:1 duplication ratio in any large organization. Think about that as you prepare your IT budgets; for every 20 Terabytes of data you are managing, you could reduce it to 1 Terabyte simply by deduplicating. This does not even get into the issue of reducing retention by the application of a retention schedule; simply keeping only one of everything will get you a 20:1 reduction.
Keep in mind that it is not simply storage you are reducing through deduplication, production email and applications usually run on highly redundant, highly available systems, the most expensive kind of computing environments. Archiving systems usually can be run on less expensive platforms.
Under most properly planned records management programs, where a record is to be retained under the program, a single ‘copy of record’ is retained and any other copies (sometimes called ‘convenience copies’) are disposed of. While it is typical that all copies of a record are preserved for purposes of a Legal Hold, here we are discussing records preservation absent a legal hold on a particular record.
- It increases insurance costs
Insurance companies have recognized that businesses that do not have well designed and managed programs for Records Management and eDiscovery have higher litigation costs and probably, higher risk of liability. Therefore, both AON and AIG for example are now considering this in their underwriting of general business and directors insurance and are charging premium rates for businesses that maintain “digital landfills” while providing discounts for businesses that are attending to their Records Management and eDiscovery preparedness needs.
- It sends a signal that you are not in control of your records
As noted above, there is no practical business reason to keep everything nor a legal requirement to keep everything while there is considerable financial incentive not to keep everything. This being the case, it is fairly natural to assume that the reason a business chooses to keep everything is that it is very afraid it will be unable to retain what it needs to retain or find what it needs to find absent the draconian decision to keep everything. This in turn sends out a signal to Plaintiffs that, for this Defendant, discovery will be a very expensive proposition and it is much more likely that this Defendant – with all that ESI- will more easily run afoul of its discovery obligations. In other words, this business can be more easily induced to settle a case. This is not a good image to project.
- It increases the likelihood of overly broad legal holds
In the course of the eDiscovery preparedness consulting engagements I have participated in I have noticed that the very same succor that ‘keeping everything’ provides to the IT staff can also trickle down to the lawyers. Where the company is going to keep everything anyway, it seems there are more legal holds that preserve entire IT applications or that there are 25 overlapping legal holds on the entire email system for many years running.
If the company policy is to keep everything forever, it is going to be very difficult to argue that any given hold represents a burden or undue cost. Moreover, we usually find that in these same companies, there is no program for IT chargebacks for legal holds, so the cost of the hold becomes an amorphous part of the overall IT infrastructure cost. How much does this cost in total?; it is difficult to say but there are cases in which a hold on a single large application was found to cost $27,000 per month (See, Douglas L. Rogers, A Search for Balance in the Discovery of ESI Since December 1, 2006, 14 RICH. J.L. & TECH. 8 at p22, http://law.richmond.edu/jolt/v14i3/article8.pdf). So look at the number of applications you have on hold, the number of active holds you have and do the math.
I hope you see that keeping everything is not a panacea for addressing the compliance and eDiscovery issues attendant to IT systems. If my experience is any guide, if a business has attempted to keep everything, eventually, it will determine that this is no longer a sustainable policy and that now this decade’s old ‘digital landfill’ must be cleaned up. In later posts, I will discuss how to go about doing this.
Complianceguy's Blog 