US firms in the dark over data retention

US firms in the dark over data retention

Half of companies have no data retention policy

A year after the launch of the revised Federal Rules of Civil Procedure (FRCP), more than 65 per cent of US businesses remain unprepared to meet strict court requirements for the discovery and handling of electronic evidence, new research claimed today.

The revised rules set "aggressive timelines" for the discovery of electronic information such as email, and strict penalties for the destruction of evidence.

They also include 'safe harbour' provisions to protect organisations that implement standard retention policies for electronically stored information.

The rules were drafted by the Supreme Court and approved by Congress and the US Judicial Conference, and have already had a profound effect on how the US legal system handles electronic evidence including emails and digital files.

However, the MessageOne Email Archiving Practices Survey of IT professionals, conducted by Osterman Research, revealed over half of US companies lack a policy to govern email retention and deletion.

The study also showed that 67 per cent of companies allow individual end users to determine how long messages are kept by the company.

Additionally it was discovered that two-thirds of companies do not have the email archiving technology required to manage retention, litigation holds and electronic discovery.

In the event of litigation, these companies would probably be required to search back-up tapes, desktop files and legacy systems to find information that had been deleted in the absence of a good-faith retention policy.

Manual electronic discovery searches can cost hundreds of thousands or even millions of dollars, the MessageOne report warned.

These companies also risk being sanctioned for the illegal destruction of evi dence, including courtroom penalties that can cost a company an important legal case on process grounds.

"The survey reveals serious legal issues for organisations that either ignore the new federal mandates for compliance and e-discovery, or are clearly not well educated on how to meet the technical requirements," said Michael Osterman, chief executive at Osterman Research.

"Many recent court cases have shown that companies are expected to show a clear retention policy. The time is now for all companies to set and manage retention policies for their entire organisation."

Osterman added that, while the revised FRCP provides a strong incentive for potential litigants to put email retention policies in place, they do not provide any guidance on the contents of the actual policies.

As a result, companies have taken very different approaches to email retention. Almost half have implemented email retention policies, while 36 per cent keep all messages for the duration of their policy.

Some 64 per cent vary retention policies based on a pre-defined criteria. Retention strategies typically reflect an individual corporation's philosophy around email and litigation, according to the report.

Companies that view email as a strategic asset and value the context provided by email in litigation, keep email messages for many years.

Other companies view email as a necessary evil and worry about "smoking guns " tend to delete messages as quickly as possible.

Although most companies are not prepared to meet the new FRCP requirements, the survey showed that 64 per cent of companies plan to implement new email retention policies over the next 12 months.

One of the reasons that companies have been slow to comply is that there are typically many stakeholders involved in setting retention policies.