Records Retention Policies to Go Away?

Laws, regulations, and internal policies dictate how long electronic information should be kept.

A typical organization will have to manage many such retention policies. Doing so is difficult enough when you just have to deal with formal paper records, such as financial returns or customer contracts. When it comes to handling a much larger corpus of electronic information, the problem becomes significantly worse.

There are advantages to deleting electronically stored information after some period; there are disadvantages of doing so as well. All in all, given the difficulty of getting retention policies right, and the value and small cost (on a per-user basis) of keeping electronic information, I believe most organizations will abandon retention policies. We'll all end up keeping information for arbitrarily long periods, and thus satisfy the varying retention requirements. Much simpler.

  • "Reduce your risk profile." Information you keep can be used to show you did something wrong in litigation (assuming you did, in fact, do something wrong).
  • Early case assessment. By deleting information you reduce the numbers of documents that must be (expensively) reviewed during litigation.
  • Less time spent weeding through documents to find the ones you need.

... David Ferris

One Comment

  1. Posted May 21, 2008 at 3:23 PM | Permalink

    Hi David,

    On the subject, a reader of mine adds this:

    In fact, to ensure consumer privacy, document retention policy and practice need to be very clear about when data should no longer be held. Under PIPEDA (Canada’s primary privacy legislation), organizations are in fact obliged to destroy or delete sensitive personal information when it is no longer required. Quoting from the Commissioner’s website at , an organization should:

    – Use or disclose personal information only for the purpose for which it was collected, unless the individual consents, or the use or disclosure is authorized by the Act.
    – Keep personal information only as long as necessary to satisfy the purposes.
    – Put guidelines and procedures in place for retaining and destroying personal information.
    – Keep personal information used to make a decision about a person for a reasonable time period. This should allow the person to obtain the information after the decision and pursue redress.
    – Destroy, erase or render anonymous information that is no longer required for an identified purpose or a legal requirement.

    I think this is reasonable and (after all) companies can’t lose information they no longer have…

  2. Shahid
    Posted May 22, 2008 at 2:07 PM | Permalink

    Hi David

    This is indeed a minority viewpoint and in fact goes against most/all practice and legislated precedent. Would be highly interested in hearing further on why you believe ‘most organizations will abandon retention policies.’


  3. Patrick
    Posted May 27, 2008 at 5:00 PM | Permalink

    Any company that follows the suggestion to retain everything and abandon their retention polciies may as well start creating a reserve for litigation costs and spoliation judgements right now.

    What you suggest is that an organization will just keep everything forever, in effect. Oh, but wait. We didn’t mean spam. And we didn’t mean that “Let’s go to lunch” email or that cookie recipe or the email from the grandkids. But wait, those aren’t really records and we only mean that we want employees to keep “records” forever. Fine. So what is a record? Let’s make a list. Hmmm. Maybe some of those things really don’t need to be kept forever. So let’s classify them and then start getting rid of the less important stuff. Yep, before long, you’re back to a retention schedule.

    The reality is that no organization can afford the storage or the potential liability that comes with keeping everything. As another commenter noted, some information MUST be discarded when it no longer has value. I suspect those requirements will tend to increase as people (and lawmakers) become more sensitized to issues involving personally identifiable information.

    The biggest problem with keeping everything is that sooner or later someone is going to have to sift through everything to find something. And the bullets that you put into your post are the exact reasons why you don’t want to keep documents too long. Even with emerging context searching tools, someone still has to review all of the documents that are “hits”. They may or may not be relevant. They may or may not have had need to be retained. But if they exist and they fall within the search criteria, someone will have to look at them. And that someone is probably a lawyer who is billing out at a lofty hourly rate.

    And the issue that you haven’t addressed is what happens when someone doesn’t go along with the plan and gets rid of something they shouldn’t have gotten rid of (a problem that exists even when you have a retention program in place). If a company represents that they have a bulletproof archiving program, it darn well better be bulletproof — nothing gets by.

    At the end of the day, whatever a company decides to do should not be driven by how “hard” or how expensive the solution is. Neither of those things will matter in court. What matters is consistency of practice and rationality of practice. What I am seeing out here in the real world is simplification. Companies are tending to reduce the number of line items in retention schedules. They are creating retention folders that are consistently labeled for both email and Office documents. They allow users to easily populate their storage environments with these folders and to auto-classify as much content as is possible (i.e. if I know that you work in Accounting, your records are probably going to be Accounting records and those things tend to have similar retention periods, so I capture metadata about you and your role and once you declare this document a record, it is associated with other Accounting records).

    Companies may certainly decide to fire their records managers and archive data into a big steaming pile of electronic goo, but there will come a day in the future when somebody has to reach into that pile of goo. They will be paid handsomely to do just that.

Post a comment

You must be logged in to post a comment. To comment, first join our community.