A year has passed since last spring's prosecution, conviction, and collapse of Arthur Andersen based on that firm's destruction of documents. Last summer's passage of the Sarbanes-Oxley Act, which among other changes, broadened obstruction of justice statutes and enhanced criminal fraud penalties, is no longer front-page news. Business is good, and it no longer seems so important that you have never gotten around to reviewing your company's document retention policy.
Don't wait any longer. If you have not done so, it is now time to re-evaluate your firm's document retention policy. This review is in addition to – and not at all satisfied by – the new SEC rules issued under Section 802 of the Sarbanes-Oxley Act that require accountants who audit or review an issuer's financial statements to retain certain records relevant to that audit or review (see Retention of Records Relevant to Audits and Reviews at http://www.sec.gov/rules/final/33-8180.htm). Beyond the additional obligations imposed on accounting firms, the Andersen case made clear that a corporation may face criminal liability for document destruction prior to formal notice of an official proceeding, and without obvious indicia of "corrupt persuasion." The company was charged under 18 U.S.C. § 1512. That statute makes it a crime to "corruptly persuade" someone to destroy or alter documents to make them unavailable in an official proceeding. The Sarbanes-Oxley Act, among other things, created an additional statute, 18 U.S.C. § 1519, criminalizing such actions with the intent to obstruct a federal investigation or bankruptcy case, "or in relation to or contemplation of any such other matter or case." The new statute thus makes it a crime to destroy or alter documents even when there is no pending "proceeding" and makes no reference to "corrupt persuasion." In this new environment, document retention plans are no longer safely delegated to file clerks or facilities managers. Untimely document destruction can have serious consequences for individuals and corporations, including, but not limited to criminal liability.
Corporations and other business entities need a comprehensive and legally sound document retention policy to protect the entity and its employees, officers, and directors. Moreover, because corporations can be held criminally liable for the acts of employees falling within the scope of employment, even when such actions are contrary to an official instruction or policy; high moral, ethical, and legal standards among a company's top executives, without more, are not an adequate safeguard against corporate liability.
The lack of an adequate document retention policy can expose a firm and its officers and employees to criminal charges for obstruction of justice, regardless of whether its officers believe they are obstructing justice. Such intent is often inferred from an act that has the natural and probable effect of interfering with the due administration of justice. As a result, companies must focus upon their document destruction habits now, or face the consequences later.
At the same time, unnecessary document retention is prohibitively expensive. Not only must a firm pay to store the retained material; but, in the event of a discovery request, it also must expend resources searching through the plethora of unnecessarily retained material in order to comply. Companies must implement policies ensuring the retention of those documents that are necessary to avoid obstruction of justice charges, while avoiding retention of unnecessary documents that drive up information storage and retrieval costs.
Questions to Consider in Evaluating Your Document Retention Policy
- Does your document retention policy reflect obligations imposed by all current state and federal laws and regulations? Federal and state laws and regulations often impose document preservation obligations, both directly and indirectly. Statutes or regulations plainly stating that certain records must be maintained are not the only sources that may impose document retention obligations. Documents related to these required records or claims and defenses that might arise from these records should also be maintained. Accordingly, it is important to evaluate the variety of contexts in which your company may need particular types of documents.
- Has this issue come up before in your company's history? Initially, a company should review any past involvement in litigation, investigation, or regulation by government entities, and any consent decrees to which it has been subject. Courts have held that such history can provide notice to a company that further litigation or investigation is pending on the previously investigated matter. If the company proceeds to destroy documents pertaining to the matter in question anyway, it may be criminally liable under federal obstruction of justice statutes, and civilly liable for spoliation under the Federal Rules of Civil Procedure.
To guard against the risk generated by past litigation or investigation, counsel should review the client company's history to determine the scope of the notice these proceedings provide of future litigation or investigation.
- Does your company have in place an adequate means for ensuring that documents are not destroyed? In the event your company is provided with actual or constructive notice of pending litigation or investigation, you must have a means of quickly and efficiently halting the company's regular document destruction practices. If your company is negligent in halting the destruction of relevant documents – even if the destruction conforms to the existing retention policy – it may be found criminally and/or civilly liable.
To ensure this does not happen, the client company should establish a central system that allows for the rapid dissemination of information and instruction through all levels of management once an employee of the company is provided with constructive notice of pending litigation or investigation. This requires a two-way information highway, allowing lower level employees rapidly to communicate any notice to upper-level management, and allowing upper-level management quickly to communicate instructions for suspension of regular document disposal back down to lower level employees.
- Is there adequate guidance for what must be preserved? Once a company has determined that it is on notice for one or more matters, the company must have a means of distinguishing between relevant and irrelevant documents pertaining to these matters. A given document need not be admissible in court for it to be legally relevant to a matter under investigation or a matter that is being litigated. The relevance of a document is assessed by asking whether or not it would be discoverable by an adverse or investigating party seeking information on the matter.
Discovery rules, in turn, generally allow any item reasonably calculated to lead to admissible evidence to be discovered, whether or not the item itself would be admissible in court. Thus, the duty, if any, to preserve a document generally hinges on a legal determination about whether it is reasonably calculated to lead to admissible evidence. This requires extensive evaluation of two legal issues: what sort of evidence would be admissible pertaining to the matter at hand, and what documents would a court likely consider "reasonably calculated" to lead to such evidence.
- A bad policy may be worse than no policy. Courts may view the establishment of a document retention and destruction plan near the onset of a legal or administrative investigation as strategic bad faith destruction outside of the ordinary course of business, thus producing liability. Courts also may find companies liable as a matter of law for documents destroyed under a plan lacking a legitimate purpose.
Thus, establishment or reform of the client company's document retention policy should only be undertaken before – preferably well before – any question arises about the relevance of documents that might be destroyed under the policy. Additionally, the new document retention plan should itself be documented, and should include a specific statement of legitimate purpose (e.g., organization and efficiency) for the establishment or reform of the plan.
- Regular enforcement is key. Document retention policies must be regularly enforced even when no litigation or investigation is looming. Sporadic enforcement may be viewed as strategic bad faith destruction, rather than document management occurring in the ordinary course of business. This may produce liability. The client company's document retention policy should call for regular checks to ensure that employee practices of destruction and retention consistently conform to the plan.
- Paper to non-paper and vice versa. An effective retention plan must control the replication and storage of documents. Most states have adopted some version of the Uniform Photographic Copies of Business and Public Records as Evidence Act, which allows companies to copy paper documents into electronic form, then destroy the originals to promote organization. Even in states that have not adopted the Uniform Act, the Federal Rules of Evidence (which have been adopted in all of the non-Uniform Act states) would most likely permit electronic duplicates to stand in at trial for original paper documents. Thus, conversion of documents from a paper medium to an electronic one is not likely to put a company in danger of either criminal or civil liability, or sanctions for document destruction.
Companies might face liability, however, if they copy electronic originals into paper form, then destroy the electronic originals, however. This conversion process may result in a loss of relevant information that was encoded in the electronic version, but not the paper version of the document (routing data, delivery times, etc.). If the company practice is to print hard copies of electronic documents, care should be taken also to maintain the original electronic versions.
- E-mails. An effective document retention plan should, to the greatest extent possible, limit the risks posed by e-mail. Just like any conventional document, e-mail and other electronic files may be subject to discovery.
Employees tend to communicate more candidly in e-mail than they would in formal memos, apparently under the misconception that after they delete the e-mail, it is gone. Ironically, e-mail tends to be much more difficult to destroy than paper documents, or even electronic word processing documents. E-mail continues to exist on a computer's hard drive even after it is "deleted," and, through its transmission, is likely to exist on multiple hard drives.
In response to this risk, the client company should establish an e-mail usage policy, signed by all employees, which informs them of the following: (a) e-mail is virtually permanent, (b) adverse parties and investigatory bodies have the ability to discover e-mail, (c) e-mail may not remain private, (d) because of this, the company is instituting restrictions, and (e) the company reserves the right to monitor usage of e-mail in the ordinary course of business.