Record Retention

Robinson+Cole Data Privacy + Security Insider

An ongoing and frequent recent request is to assist clients with record retention guidelines and migrating from storing massive amounts of paper records to an electronic system. How to do this right cannot be fully encapsulated in a blog post, but here are a few thoughts to consider when tackling this cumbersome process.

There are very specific federal and state laws that apply to record retention. Most of them are very old and out of date, but they are still on the books. Without addressing the retention issues of a litigation hold and eDiscovery (which are complicated), developing a basic record retention program is still challenging and because of the risk of data in general, more and more companies are revisiting their record retention programs. This is a good idea.

One of the most challenging parts of developing a record retention program is getting started. Here is a rough outline of how to get started and things to consider when embarking on developing your record retention program or when you are trying to figure out what to scan and shred.

  • Figure out what state and federal laws and regulations apply to your company’s records (some of these laws are specific to certain industries)
  • Map the data that is required by laws and regulations to be retained and concentrate on that data first
  • Determine how long laws and regulations require that these records need to be retained
  • Develop a record retention schedule for the different types of records that need to be retained by laws and regulations
  • Determine what records can be destroyed and shred them or delete them from the electronic system (making sure none of them are subject to litigation holds or eDiscovery Orders)
  • If you scan records that need to be retained into your system, consider access controls to sensitive data or personal information to only authorized employees
  • Consider encryption technology (encryption at rest) after migrating from paper to electronic storage
  • Map vendors who may have access to the electronic documents and put appropriate contracts in place with them
  • Assign business owners to the data that is subject to the record retention program so the schedule will be followed
  • Stick to the schedule
  • Review and revise the program on an annual basis

Storing unnecessary data is risky, so tackling record retention is a basic part of your risk management program. Tackling the risk with baby steps makes the process easier.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.