The case for electronic records management: physical storage of thousands of documents is...

Asea change in attitude towards records management has taken place since the tidal wave of accounting scandals and corporate corruption that followed the stock market peak in 2000. At the heart of most of the high-profile shareholder frauds, especially at Enron Corp. and Arthur Andersen, has

[ILLUSTRATION OMITTED]

To address these scandals, a plethora of industry and government regulations have been passed that mandate how information in any form, electronic or paper, must be managed and retained for a specific number of years imposing varying retention schedules for records.

For example, the Occupational Safety and Health Administration (OSHA) requires some records to be held for 30 years, Title 21 Code of Federal Regulations (21 CFR Part 11) requires life sciences/pharmaceutical industry records to be held for 2-5 years, and the Health Insurance Portability and Accountability Act (HIPAA) requires retention of healthcare records from 2 to 21 years (and possibly to the life of the patient). Securities and Exchange Commission (SEC) 17a4 and Section 802 of The Sarbanes-Oxley Act have strict record retention requirements as well.

These regulations have teeth. Five Wall Street firms were fined $1.65 million each for not properly saving and retaining their email in 2002. Regulatory compliance failure can result in censure or fines, litigation, reduced market capitalization, federal and/or state suspension from normal business activities and criminal penalties. As a result, enterprise records management (ERM)--the systematic control of records throughout their lifecycle from creation/receipt to use/circulation to maintenance to disposition--has become a high executive-level priority.

Cost of Discovery: Staggering

When a regulatory body, auditor or court requests a record, the cost of discovery can be staggering for electronic records and especially for physically stored records. At some companies, physical and electronic record keeping has been in such a state of disarray that it has often been cheaper to pay regulatory audit fines and fees than to comply by paying the people necessary to find and locate the requested records.

Paper-based filing schemes should be completely rethought and re-implemented from the ground up. In reality, most companies create and retain records in a manual and sometimes ad hoc manner, which is labor-intensive and costly. The solution to discovery requests will not be found in the addition of more people or manual processes.

File systems, email systems and many document management systems, which contain electronic records, were never designed with records retention in mind. Even though these systems are routinely backed up, it is laborious to retrieve individual files directly from backup media. For example, in the Fen-Phen product liability trial, the cost of discovery for a pharmaceutical company retrieving records from backup tapes was estimated at almost $2 million.

For civil lawsuits, discovery failure is not an option. In fact, for many companies, the biggest risk for records retention comes not from regulators but from the threat of civil litigation. Civil Law Rules 26 and 35 state that during discovery, parties must provide each other with all records relevant to the dispute. Relevant records must be delivered if they exist, and organizations cannot claim undue burden as an excuse. Regardless of the volume of content, even if it is hundreds of terabytes, if opposing counsel requests it, the content must be produced.

Here is where the profound difference between a backup strategy and a records retention strategy becomes apparent. Most backup strategies inadvertently destroy data that should be retained, and old data that has been deleted from computers--and therefore assumed destroyed--is still on a tape somewhere. If a firm finds itself under investigation, that data must be retrieved. If a subpoenaed record that is said to have been destroyed is found, a summary judgment for the opposing party can be awarded or a charge of obstructing justice levied.

If records that should be found cannot be produced, there would be a severe risk of losing the case because of a "spoliation instruction" to the jury, which suggests deliberate destruction of evidence. Alternatively, the court may grant the other party direct access to a company's computer systems, compromising sensitive information. In Europe, discovery compliance failure may result in a contempt of court ruling, forfeiture of the case and/or imprisonment of company officers.

One way to solve these issues is to implement a robust records management solution, combined with a document management solution that integrates with a company's enterprise resource planning (ERP) system. By integrating these solutions with the ERP system, there is no need to have separate systems to streamline daily operations as well as handle the archival and retention of these same records.

By utilizing an integrated records management solution, information requested for discovery can be delivered in hours, not days or weeks. Huge labor savings can be realized, since fewer professionals are required to tediously manage, locate and retrieve these records. Investment costs can typically be recouped in a reasonable period, based on time saved in record retrieval costs alone.

Perhaps even more importantly, the risks associated with losing or being unable to locate critical documents in an offline, manual or backup world are removed when these documents are kept under the control of an electronic records management system.

Uniform Disposition of Records

The flip side of retaining required records is the disposal of unneeded records and content, which must be managed properly. Executives should be aware that unneeded content increases liability, since potentially litigious documents may remain on systems or in physical storage. As Microsoft learned in its antitrust case, many potential smoking guns in those records are collecting dust. Often, it is riskier to hold on to unneeded records than it is to store those records in the first place.

Most mid-size to large companies have multiple warehouses, each possibly the size of an airplane hangar, packed with rows and rows of floor-to-ceiling shelves of boxes and files. These antiquated edifices should be completely replaced--they may house a lot of history, but they could also expose a company to needless lawsuits and are costly to operate.

Industry leaders are often targets of litigation. An ERM system legally destroys unrequired documents within the framework of a reliable and consistent method of managing records. With an ironclad records management system, opposing counsel will think twice, making the defensible disposition of unneeded and unwanted records truly a liability insurance policy.

For most large corporations, records are an integral part of core business processes, especially financial processes. The benefits of tightly integrating records management with financial ERP systems are clear. Records related to financial transactions can be managed from creation to destruction, in compliance with regulatory laws such as Sarbanes-Oxley.

When also combined with business process management (BPM) software and workflow, transaction records can be automatically classified and archived within the framework of a comprehensive policy-based program of records retention. This complete solution can virtually eliminate burdensome ad hoc discovery costs while keeping sensitive user files protected from investigators and litigators.

RELATED ARTICLE: Risks of Improper Records Management

Censure or fines

Litigation/high legal discovery costs

Reduced market capitalization

Regulatory suspension of normal business activities

Criminal penalties

Rakesh Shukla is Co-founder and Director of Product Marketing for 170 Systems (www.170systems.com) in Bedford, Mass. The company's Web-deployed solutions enable document imaging and management systems and allow e-businesses to capture and manage all of their information online.