By David Stern
Wink wink. Nod nod. “Here’s our retention policy: we don’t have one. HAHAHAHAâ€
On December 1, 2006, the Federal Rules of Civil Procedure were amended to better address digital discovery of company records. While there were many changes overall, they boil down to a few points:
•   Files, instant messages, and email must be properly stored to allow efficient retrieval
•   Corporate counsel must understand how records are retained and retrieved so that they can provide a description of all retained data
•   Electronically stored information must be available to facilitate rapid searches. The lawyers no longer have to wait for discovery paperwork.
The larger implication is that companies (and that probably means you!) must now implement or update their record retention program. This program must include C-level sanctioned policies and will likely require the appropriate technology solution to make it happen. Legal experts have warned that setting an unusually short retention period and then claiming that the records have been deleted will be seen as malfeasance. At the same time, there is not yet a single authoritative source for retention periods (and what they should be). The PCAOB’s Audit Standard 3 and the SEC both require 7 years, so setting your time to that range should not be out of the question.
While these rules only apply to litigation cases in Federal Court, these rules have historically worked their way down to the lower courts. Have your IT folks do some capacity planning to figure out how much can be retained within a reasonable budget. Marry those numbers with advice from the legal department and get your policies written. If you continue to ignore document retention, the joke will be on you.