Recently, I had the good fortune to moderate a Web seminar dealing with document
retention. Not all retention is good.

So many permutations, so little time. Let's start with the fact that more than
80 percent of typical business documents (Word, Excel, etc.) reside on employees'
desktops and laptops. That's a problem. Despite the good efforts of most enterprise-class
backup software that reaches down into client computers, it's reasonable to
assume the success rate -- for a variety of reasons -- is going to be something
less than perfect. Files are created and changed while laptops are not connected,
files get saved to and read from CDs, thumb drives, and e-mail attachments.
And, of course, laptops get lost or stolen.

Some files, most notably e-mail, almost always reside on a server in an enterprise
environment, unlike tiny businesses or home users who keep their Outlook .pst
files on their desktop machine. Even when someone "deletes" e-mail
messages and believes it's really gone, we know better. Other communication,
best typified by instant messaging is ephemeral, and really may be gone forever
unless explicitly saved by one party or a subpoena is served upon the IM provider.

Let's ignore that less-than-perfect backup success rate and transitory nature
of IMs for the moment. The larger question is what does your customer do with
these files once they are backed up?

The problem is not as simple as one might think. Sure, it's a feather in the
cap of IT to recover a file accidentally deleted by some poor slob with a trigger
finger. That's a workaday issue. But what happens when litigation leads a court
to order that documents generated years earlier be produced at trial or during
discovery? It's not so easy. And the liabilities are enormous.

We've all heard about the case of the Wall St. brokerage firm fined millions
because it could not produce e-mail messages. One issue is whether a company
has powerful enough search capabilities to find what it's looking for. The other,
and perhaps more important aspect is whether IT know for an absolute fact if
the files do indeed exist or not. It's one thing to say they exist and we can't
find them. It's quite another to admit you don't know whether there's anything
to be found in the first place. That makes everyone, including IT, executives,
and the integrator who provided the systems in questions look rather foolish
and incompetent -- certainly not a good thing in the eyes of any court.

There is yet another scenario, and that's to say "the files in question
no longer exist and we can prove that for a fact."

But that's tantamount to proving a negative, isn't it? And we all know that
proving a negative is an impossibility -- not unlike, say, a baseball player
attempting to prove that he never took steroids. Just ask a certain Mr. Clemens.

Well, sure, perhaps mathematically you can't prove it, but there is a next
best thing. And that is a published corporate document retention policy, known
to all, agreed to by employees when they sign for their copy of the employee
handbook, and -- here's the key -- enforced by powerful document-retention management
software.

When the court orders documents produced, you now have an additional possible
answer:

1) It exists, here it is (which could produce a smoking gun at trial, not a
good thing)

2) It exists, we can't find it (not exactly the stuff of Einstein here)

3) It may or may not exist, we're just not sure (see comment above)

4) It no longer exists, that tape was recycled at some point (not easy to prove)

5) It no longer exists, here is the date and time it was destroyed in accordance
with our published document-retention policy

I'll take option five every time.

It's essential that every business (including yours) establish an official
document-retention policy. If the policy says all e-mail communication is destroyed
after one year, fine. But stick to it. Retention length can vary for a variety
of reasons, local and state laws, and the effects of Sarbanes-Oxley key among
them. Once these obligations are met, it's entirely up to the business to keep
documents and communications for five years or fifty.

Very few companies do this. Very few have a clear document-retention policy.
Of those, even fewer employees can cite the policy particulars (if they know
it exists at all). In the modern world, keeping more and more information longer
and longer is just what we do, after all EMC is selling lots of very large storage
subsystems. But it is equally important to jettison information, stuffing it
into a virtual shredder on a very clear, well-documented schedule.

It's something to look into next time you speak with your customers.

ITworld.com

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine