Jump to Navigation | Jump to Content
American Bar Association

ABA Section of Business Law

Volume 13, Number 1 - September/October 2003

Retention: More important than ever
In the name of compliance, BLT presents another perspective on dealing with records
    By Rae Cogar and R. Thomas Howell

It is impossible for an organization to achieve acceptable legal compliance without an appropriate and functioning records retention program. Why? There are three distinct but important reasons:

  • Records retention is an important substantive component of many of the laws with which most corporations must comply;
  • Retained records are often the vehicle by which compliance is established; and
  • Records that have been improperly disposed of can create monumental compliance and litigation problems.
This article deals with why a good records retention and disposition policy is critical today — in the context of corporate compliance and responding to the demands of discovery in litigation and governmental investigations.

Why is a records retention policy needed? Records are some of the critical assets in the operation of any business organization. Just as other business assets — such as financial assets, physical and intellectual property and human resources are managed with policies and procedures — "operational" assets need to be afforded the same level of governance and financial resources. Without a legally correct policy, there is frequently a question of impropriety in the destruction of records, even in the regular course of business. Documenting the process with a well-established policy and procedures will serve as a justification in litigation as to the propriety of records disposition.

It also is good business practice. Having a policy assures that a company is retaining the records needed for regulatory, compliance, legal and business purposes and is properly disposing of those records when they are no longer needed. Disposing of records in the regular course of business removes unneeded and unnecessary records which, if retained, would be subject to discovery. It also eliminates the considerable cost involved in reviewing old material for discovery relevance, in addition to the substance of what it might contain.

So, what is a business record? There is no simple, clear definition of a business record. Not every piece of paper or every bit of data is a record. Some materials used for reference purposes are merely that, reference documents, not business records. However, given the litigation-discovery backdrop behind records retention and disposition, it is useful to look to the "Business Record Exception" to the Hearsay Rule contained in Section 803(6) of the Federal Rules of Evidence. It provides a good description of a business record, and encompasses any media format, electronic, hard copy or other:

(6) Records of regularly conducted activity. A memorandum, report, record or data compilation, in any form, of acts, events, conditions, opinions or diagnoses, made at or near the time by, or from information transmitted by, a person with knowledge, if kept in the course of a regularly conducted business activity, and if it was the regular practice of that business activity to make the memorandum, report, record or data compilation, all as shown by the testimony of the custodian or other qualified witness, or by certification that complies with Rule 902(11), Rule 902(12), or a statute permitting certification, unless the source of information or the method or circumstances of preparation indicate lack of trustworthiness. The term "business" as used in this paragraph includes business, institution, association, profession, occupation and calling of every kind, whether or not conducted for profit.

Using this as a baseline, any records or documents created by a business organization that do not meet the above criteria are not considered business records. Having a definition will make operational record-keeping decisions easier.

There also is a distinction to be made between a "document" and a "record." Documents are generally those items that are an accumulation of data, provided in a particular format. Some documents are "controlled" documents that have a history of every change made to that document, such as policies and procedures.

Records, however, is a broader, more inclusive, classification. You may have electronic logs, which are computer records, but they are not "documents." Note that the phrase used in the Rules of Evidence is "Records of regularly conducted activity," not documents. Every organization's files, hard drives and other repositories contain a great deal of material that should not be designated a "record" for business purposes.

There must be a well-defined method for managing material defined as records — retaining what is needed and eliminating what is not. While a standardized methodology has been developed for creating records retention programs, there is no off-the-shelf program that can be installed one day and in use the next. Each retention policy is created to the specifics of the individual business. Although there are many records management software programs available, the results of these programs rely on information contained in the company's records retention policies and procedures.

The first step in creating a good records retention policy is to determine what items will constitute "records" subject to the policy. To make this determination, an inventory must be conducted.

The inventory includes all records created by all departments and users, in all media formats, and found in all locations. In the inventory process, records are grouped into record series. These series provide descriptions of the functional purposes of the business records and may include many types of records that support the same or similar functions and will have the same retention requirement.

Once the inventory has been completed, the retention period must be determined for each record series. All records created for regulatory compliance will have common retention periods, even though the use of those records may vary from business to business. There also may be more than one regulatory requirement for the same business record. The regulatory requirement with the longest retention period will be the one that governs the retention of the records series.

One important factor to understand is that retention periods stated for any regulatory or statutory purpose should be considered minimum retention periods – the shortest period of time a record must be held. This retention period should be viewed as the time when disposing of a record can first be considered, rather than when you must dispose of a record.

It is important to note here that in litigation, when disposition of a record according to a record retention policy is raised as a reason for nonproduction of records, courts will look into the reasonableness of the retention period. In In re Lewy v. Remington Arms Co. Inc., 836 F2d 1104 (8th Cir. 1988), the court had given instructions to the jury that because Remington had failed to produce documents, they could infer that those documents could have been harmful to Remington's case (a so-called "adverse inference"). Remington argued that the documents had been destroyed following its record retention policy.

The records in question were customer complaints and gun examination reports. Under the retention policy, these records were "required to be retained for a period of three years and if no action regarding a particular record was taken in that period, it was destroyed."

On appeal, Remington objected to the instructions, arguing that "destroying records pursuant to routine procedures does not provide an inference adverse to the party that destroyed the documents." The appeals court did not decide the issue but remanded the case to the trial court for retrial. The court did, however, instruct the trial court what to consider:

First, the court should determine whether Remington's record retention policy is reasonable considering the facts and circumstances surrounding the relevant documents. For example, the court should determine whether a three year retention policy is reasonable given the particular document. A three year retention policy may be sufficient for documents such as appointment books or telephone messages, but inadequate for documents such as customer complaints. Second, in making this determination the court may also consider whether lawsuits concerning the complaint or related complaints have been filed, the frequency of such complaints, and the magnitude of the complaints. Finally, the court should determine whether the document retention policy was instituted in bad faith. Id. at 1112.

The appellate court went on to state: "If the corporation knew or should have known that the documents would become material at some point in the future, then such documents should have been preserved. Thus, a corporation cannot blindly destroy documents and expect to be shielded by a seemingly innocuous document retention policy."

Decisions are frequently made to retain records longer than their prescribed minimum because of other factors, such as a continuing business use, internal audit requirements or historical value. Whenever retention periods are lengthened, a determination should be made identifying the potential risks and costs to the company.

A review of pertinent statutes of limitations is also needed when determining record retentions. Statutes of limitations define the time period an organization can sue or be sued on a matter, or the time period in which a government agency can conduct an investigation or audit. While statutes of limitations in themselves are not required retention periods, they should be a factor in determining risk for a company when deciding how long to retain records.

A decision can be made to eliminate records before the statute of limitations has run, but such a decision will have its own set of risks that should be carefully considered. All decisions relating to extending or shortening prescribed retention periods should be documented and retained.

Once retention periods have been determined, the next step is to develop the policies and procedures that will govern the implementation of the schedules. One of the most important policies relates to the suspension of records destruction in the event of imminent or current litigation, receipt of subpoenas, government inquiries, audits or any other type of event that might warrant such action. When the records may be needed beyond the defined retention period, a methodology must be in place that immediately notifies all appropriate persons of these actions.

In In re Prudential Inc. Co. of America Sales Litig., 169 F.R.D. 598 (D.N.J. 1997), the court issued sanctions based in part on the failure of senior management to properly manage the discovery process and to prevent document destruction. The court found, after reviewing the facts, that, "It [Prudential] has no comprehensive document retention policy with informative guidelines and lacks a protocol that promptly notifies senior management of document destruction. These systematic failures impede the litigation process and merit the imposition of sanctions." Id., at 617.

Under this order, Prudential was fined $1 million, and was required to take other constructive actions throughout the time of the lawsuit, which included notification of the action to all employees.

During the discovery process in this case, a class action lawsuit alleging that Prudential used deceptive sales practices in the selling of life insurance, Prudential was ordered to "preserve all documents and other records containing information potentially relevant to the subject matter of this litigation." Prudential had relied on its e-mail system as a method to caution employees against document destruction, but had failed to mention the class action litigation that was pending.

During employee depositions, it was discovered that many employees did not have e-mail access and those employees who had received the notices did not distribute them to employees without access, and some notices were not sent to all divisions. The court also found that using the e-mail system as a method of notice to employees to preserve documents and prevent destruction was ineffective and a failure to implement the court's preservation order.

It went to say: "When senior management fails to establish and distribute a comprehensive document retention policy, it cannot shield itself from responsibility because of field office actions. The obligation to preserve documents that are potentially discoverable material is an affirmative one that rests squarely on the shoulders of senior corporate officers. …" Id. at 615.

Developing a good records management program is a time- consuming endeavor. Many corporations have used an in-house records manager to help in this undertaking while others secure the services of records management consultants. However your company chooses to develop its record retention program, sooner is better than later.

Required components checklist

Written policy directives that define corporate records, emphasize their value as corporate assets, affirm corporate ownership of recorded information associated with a company's business operations, and articulate the purpose and scope of recorded information management initiatives.

Standard operating procedures for storage, retrieval, dissemination, protection, preservation and destruction of recorded information associated with all business practices.

Systematically developed retention guidelines that specify how long records are to be kept and fully address a company's legal, fiscal, regulatory and administrative requirements, as determined through consultation and collaboration with corporate legal, tax and finance departments, as well as knowledgeable personnel in other business units.

Procedures for timely, secure destruction of corporate records when their prescribed retention periods elapse, including provision for suspending the destruction of records if warranted by litigation.

Design and implementation of manual and computerized methods for convenient retrieval and dissemination of recorded information when needed.

Cost-effective arrangements for storing inactive records that need to be retained for legal, fiscal, regulatory or administrative reasons.

Policies and procedures for identifying and protecting records deemed to be essential for continuity of mission- critical business operations.

Training plans and programs for company employees regarding the above.

Compliance assessment initiatives to monitor, audit and enforce records management policies and procedures.

This checklist is from FAQs for Corporate Executives and Decision-Makers, published by ARMA International, 2002. ARMA (Association of Records Managers and Administrators) is a professional nonprofit organization.

Cogar is a senior consultant for Cohasset Associates Inc. in Hamburg, N.Y., and Howell is of counsel at Seyfarth Shaw in Chicago. Cogar's e-mail is rcogar@localnet.com and Howell's is thowell@seyfarth.com.

Back to Top