Triware Networld Systems 

19 Years Of Around The Clock Superior Network Systems Service & Support!

 

Home
Solution
Technology
Service
Support
Client
Partner
Career
Events
News
   Back ] Up ] Next ]
 
   

 

 

Information Retention Policy – To Shred or Not to Shred, That Is The Question

Many of us remember when news of the Enron scandal broke and the details of the extent of the scandal started to come to light, but most of us were not aware of the fall of Arthur Andersen LLP that was closely related to the fall of Enron. Founded in 1913, Arthur Andersen was once one of the Big Five accounting firms; it lost that elite status when it was convicted of obstruction of justice in June of 2002 in relation to the Enron scandal.  As details of the scandal started to emerge, managers of Arthur Andersen instructed certain Enron-related auditing documents to be shredded.

Arthur Anderson was convicted of obstruction of justice despite the fact that Arthur Andersen had well written policies regarding the retention of documents and despite the fact that even with the shredding, the government never proved that information in one form or another related to the Enron case was not available when the government requested it. The appearance that Arthur Andersen had something to hide (by shredding documents) was enough to bring down this billion-dollar, internationally known and previously highly reputable firm.

The fact is that a lot of documents, although the hard copies may have been shredded, still exist in electronic form.  Welcome to the Digital Age!  And because documents now exist in both digital and hard copy format, most of the information retention policies written in previous decades may not be applicable any longer in the digital age.

So, what kind of records do organizations typically retain?  Certain records are kept for business reasons, others for legal or regulatory reasons.  Below are some high-level examples: 

bulletRegulatory requirements
bulletLegal documents
bullet Environmental documents
bulletFinancial documents
bullet Intellectual property documents
bulletTax-related documents
bulletHuman resources documents
bulletClient source documents
bulletContracts & agreements

On the heels of the Dot Com bust were a number of very prominent corporate scandals and even criminal activities and convictions in some of the largest and most well known US corporations. Congress responded with the Sarbanes-Oxley legislation and specifically, section 1519 which penalizes the destruction of records or information during any investigation or bankruptcy proceedings.

At times illegal, is the idea of shredding records to protect possible litigation practical or even enforceable, or is it obsolete?

One of the major reasons most organizations have written information retention policies is to avoid historic lawsuits like Manville’s asbestos and Phillip Morris & R.J. Reynolds tobacco cases.  In each of the above cases, the internal documents came to light and supported the prosecutors’ cases.  Nonetheless, there is certainly a legitimate need to get rid of obsolete paper records to free up space for others.  It is impossible to store hard copy records forever.

Given the fact that all records can now be digitized, the space needed for storage has drastically decreased.  With the advancement of digital storage technologies, potentially speaking, we can store all records indefinitely in digital format.

But this then begs the question: is there a reason to store records digitally (or in any format) indefinitely?  What can that be the possible benefit for the organization?

In Ronald Perelman vs. Morgan Stanley, after a five-week trial, the jury awarded $1.45 billion to Ronald Perelman because Morgan Stanley was unable to produce the electronic documents.  And again in Laura Zubulake vs. UBS, the panel awarded $29.3 million in wages lost and punitive damages against Zurich-based UBS.  According to the ruling, UBS could not produce the necessary emails and other electronic documents, and this led to the appearance of UBS having something to hide.

In both of these cases, Morgan Stanley & UBS might have been better of producing all required emails and documents and let their highly paid lawyers argue it out in court, because the alternative was not really acceptable in either case.  Why then could not both firms produce the information requested by the courts?  We may never know.  Was the information not longer available because it had passed its retention date?  Or if the information was in electronic format such as email or other forms of electronic documentation were they not being saved or backed up? Again, we might never know.  Given the size and resourcefulness of both firms, one would think producing required records would not be that difficult.

We know by now that most organizations do not have all records / information in hard copy paper format, and when one wants to eliminate the record, shredding hard copies alone does not guarantee their destruction. Even for electronic records and information, erasing them does not necessarily eliminate them. Oliver North found out the hard way after he erased his email from his computer during the Iran-Contra scandal back in the Reagan administration.

Bill Gates in one of his books – “The Road Ahead” – predicts that we will soon live a fully “documented life.”  Well, I think we are just about there already. What the implications are for our society at large we may not know for sure for some time to come. But one thing we do know is that for corporations and other businesses, the retention of information and the policies that govern it will be ever-changing going forward.

By Benson Yeung, Senior Partner

Benson Yeung Biography

Since 1991, Mr. Yeung has consulted on IT and business related issues to over 300 small, medium, and large Bay Area organizations. He also contributes articles to the Loral Computer Special Interest Group, Microsoft Project, Silicon Valley Computer Society monthly newsletter and other nation-wide publications. During the past 20 years, he has spent a significant amount of time in IT security fields and has a deep understanding of the state of IT security issues and has developed frameworks and best practice methodologies for the field.

Mr. Yeung’s client list includes Flextronics, HP, Levis-Strauss, Loral, NeXT Computer, New York Life, Stanford University, Symantec and many other companies. Mr. Yeung also works closely with various VC firms and startups in the Bay Area as a Technology Advisor, IT & Operations Consultant. Mr. Yeung has a B.S. degree in Computer Science from Arkansas State University. He is also a Microsoft Certified Trainer (MCT) & System Engineer (MCSE).

Back to Top

Information Request Form

Sign up for TNS News Letter

Information Request Form

Select the items that apply, and then let us know how to contact you.

Request a Senior Partner contact me
Request a Web Meeting and / or Web Demo
Subject
Name
Title
Company
Address
E-mail
Phone

Business Partners

   
     

© Copyrights Triware Networld Systems, L.L.C. ® 1991-2010