Parry Aftab, Esq.,
The Privacy Lawyer
managing cybercrime, privacy and cyber-abuse risks

Home ] E-Mail Parry ] For the Media ] Contact Info ] Website Search ]  
About Parry Aftab Speaking Services Consulting Services Coaching for Social Networks The Privacy Lawyer "Angel of the Internet"  

For Updates and Media: Subscribe to our Aftab.com RSS feed  
Parry's The Privacy Lawyer blog is updated regularly with breaking news.


 

In the News: For information about Parry's media appearances and  articles about her, visit Parry's blog
 ParryAftab.blogspot.com or search for "Parry Aftab" on your favorite search engine, and click on the "news" tab).

Check out Parry's Blog on Internet Safety , and download her Podcast to your iPod from iTunes.com or the MP3 files

To book Parry for a school or parent event or your conference, contact us at speaking@aftab.com.

 

Blogs 101 and Law
School Risk Management Issues
Privacy Laws
Cybercrime & Abuse
Kids' Internet Law
Workplace Privacy
Cyberlaw
Risk Management
For Lawyers
In the News
Internet Safety
Parry's Articles
Monitoring Law
Child Pornography

 

 

 

 

 


 

 

 

Data Security: Record Retention Rules

An important service that in-house counsel must render to the corporation relates to the maintenance and control of a company's documents and record-keeping system. Aside from the obvious need for counsel to ensure the preservation and retention of company documents and other records which are the subject of or relevant to (i) litigation or other controversies involving the company, or (ii) governmental or other subpoenas or other legal requirements, and avoid improper destruction of such records, there is the basic consideration of protecting company records from unauthorized disclosure or misuse, and managing effective and legitimate means for retaining and disposing ofmaterial in the ordinary course of business.

Like other compliance programs initiated and implemented by companies, record retention/disposition programs are vitally important to management's observing its legal obligations in the conduct of its business. And, as is the case with  such other programs, document retention programs must be consistently enforced. In short, it makes good business sense to have these clearly defined policies in effect and to follow their guidelines.

There is no doubt that most firms and businesses respect the rules against obstructing justice, and, in civil matters, abide by the requirements of pre-trial discovery; and are truly responsive to subpoenas and requests for document production. Generally, companies will diligently search their files and furnish copies of requested and required material. Accordingly, there should be policies and programs in place which not only protect against careless or willful destruction of "subject" material, but also provide for the orderly and legitimate disposition of documents; and, at the same time, reasonably and readily enable the company to identify and locate material required to be produced. It falls to the in-house attorney to institute such policies and procedures and monitor their implementation. [3] The American Corporate Counsel Association has developed a Model Records Retention Guideline  and Model Corporate Records Retention Plan to assist counsel in establishing effective plans in this area. They are attached as Exhibits A and B.

NOTES:

3. See In re Prudential Ins. Co. Sales Practices Litig., No. 95-4704, MDL No. 1061 (D.N.J. Jan. 6, 1997), where the court imposed a $1 million fine for a company's failure to take adequate steps to halt routine document destruction once litigation had been filed, even though the company had made some effort to comply with its disclosure obligations and had not intentionally sought to hide evidence.

Model Records Retention Guideline

The objective of this guideline is to establish a requirement for the Corporation and each of its subsidiaries and divisions to develop and implement an appropriate records retention program which meets the following criteria:

  1. All records are retained for the period required by applicable state and Federal laws and regulations.
  2. All records necessary for business reasons are retained for a period of time which will reasonably assure the availability of these records when needed.
  3. Adequate records will be developed and maintained to document the Company's compliance with all relevant laws.
  4. Vital records will be identified and appropriately safeguarded.
  5. All records not necessary for legal and business reasons can be destroyed in order to reduce the high cost of storing, indexing and handling the vast amount of documents and paper which would otherwise accumulate.
  6. Destruction of records shall take place only in compliance with a standard policy which has been developed for business reasons in order to avoid the inference that any document was destroyed in anticipation of a specific problem.
  7. Documents which are not subject to retention may need to be retained due to otherwise unusual circumstances such as litigation or government investigation. If for any reason it is felt that a document should be retained due to an unforeseen circumstance, the Corporate Legal Department must be consulted. When litigation or investigations occur, the Corporate Legal Department will notify the appropriate departments and direct that relevant categories of documents be labeled for retention until further notice.
  8. The privacy and security of records shall be appropriately assured.
  9. Records maintained on microfilm and microfiche, magnetic tape or other electronic data processing storage media are legally acceptable media for records retention and are governed by the same guidelines as other records.
  10. It is imperative that the Corporation know which documents have been retained and which documents have been discarded. Therefore, extra files including correspondence, memoranda, notes, computer discs, tapes, etc. which are maintained in individual offices, at home or any other off-site location are subject to these guidelines and shall not be retained in excess of these guidelines.

Delegation

The responsibility for seeing that an appropriate records retention program is established and implemented at each of the divisions is delegated to the Division Controller.

Final Approval

Each records retention program shall be in written form and must be approved by the Corporate Controller and General Counsel. The Corporate Records Retention Plan has already been approved by the Corporate Controller and General Counsel and, if used without change, does not require further approvals. Changes must be approved by the Corporate Controller and General Counsel.

Audit

The Corporate Controller and General Counsel shall be responsible for auditing the existence and content of all written records retention programs. Each Division Controller shall be responsible for auditing the actual implementation of such programs at the various operating units.

Exceptions

Requests for exceptions from this policy should be submitted first to the Corporate Controller and General Counsel. In order to obtain an exception from this policy, there must be a program which will assure compliance with the basic objectives stated above at least as effectively as the Corporate Records Retention Plan.

Review

The Corporate Controller and General Counsel will review this policy and the Corporate Records Retention Plan annually. Suggested changes should be submitted to the Corporate Controller. Changes in the records retention plan made necessary by changes or additions to the law will be communicated directly by the Corporate Controller to each of the Division Controllers who will cause appropriate changes to be made in the records retention plans of the divisions.

Interpretation

The Corporate Controller and General Counsel will be responsible for interpreting any portions of this management guideline or the records retention plans as they apply to specific situations.

 Exhibit B -- Model Corporate Records Retention Plan
[Guidelines for Retention of Correspondence and Internal Memoranda]

General correspondence should normally be retained as follows:

  1. Letters to be Destroyed Within One Year.
  1. Routine letters and notes which require no acknowledgment or follow-up, such as notes of appreciation, congratulations, letters of transmittal and plans for meetings.
  2. Form letters which require no follow-up.
  3. Copies of interdepartmental or other company correspondence where a copy of same will be in the originating department's file.
  4. Letters of general inquiry and replies which complete a cycle of correspondence.
  5. Letters or complaints requesting specific action which have no further value after changes are made or action taken (such as name or address change)
  6. Other letters of inconsequential subject matter or which definitely close correspondence to which no further reference will be necessary.
  7. Chronological correspondence files.
  1. Letters to be Kept From 1 to 5 Years. (Following are examples; however, the specific retention periods should be defined in the appropriate functional category or department.)
  1. Letters explaining but not establishing company policy.
  2. Letters relating to establishing credit.
  3. Collection letters after the account is paid.
  4. Quotation letters where no contract results.
  1. Letters to be Kept INDEFINITELY or for the Life of the Principal Document Which It Supports. (Following are examples; however, specific retention periods should be defined in the appropriate functional category or department.)
  1. Letters pertaining to patents, copyrights, bills of sale, permits, etc.
  2. Letters which constitute all or a part of a contract or which are important in the clarification of certain points of contract.
  3. Letters denying liability of the company.

[Guidelines for Retention of Other Documents or Records]

(The letter P indicates permanent retention.)

  1. General Corporate Records. General principle -- The office of General Counsel shall be responsible for establishing adequate record retention programs and policies for all documents normally handled by that office. The office of General Counsel shall keep all legally required documents of business significance and, in addition, shall keep or provide for the retention of such other documents as may have historical value.
  1. Records of incorporation, bylaws and amendments thereto for the Corporation and subsidiaries (P)
  2. Qualification to do business in states and related records (P)
  3. Corporate seals (P)
  4. Canceled stock certificates (20 plus review by Corporate General Counsel)
  5. Stock transfer and stockholder records (P)
  6. Dividend records (P)
  7. Minute books of Corporate and Subsidiary Boards, Board committees and stockholder meetings (P)
  8. Annual reports, quarterly reports and proxy material (P)
  9. Shareholder proxies except for those related solely to the election of directors (P)
  10. Proxies for election of directors (10)
  11. All financing documents, credit agreements, loan agreements, commitments, etc. (10 after satisfaction or termination)
  12. Acquisition files (P)
  13. Divestiture files (review after 20)
  1. Legal Files and Papers
  1. Request for departure from records retention plan (P)
  2. Litigation files including correspondence, depositions, discovery, responses and pleadings:
  1. Major litigation (as determined by General Counsel on a case-by-case basis)
  2. Other litigation (1 after expiration of appeals or time for filing of appeals)
  1. Legal memoranda and opinions subject matter files. (5 after close of matter. Thereafter, review for utility and historic value.)
  1. Contracts
  1. Contracts and related correspondence and documents -- commercial (6 after expiration of termination plus written approval of General Counsel)
  2. Contracts -- government (3 after completion)
  3. Licensing and distribution agreements including production and royalty data (6 after expiration or termination plus written approval of General Counsel)
  1. Pension Documents and the Supporting Employee Data General principle -- Pension documents and supporting employee data shall be kept in such manner and for such periods that the company can establish at all times whether or not any pension is payable to any person and if so the amount of such pension.
  1. Pension plans and all amendments thereto (P)
  2. Pension plan determination letters (P)
  3. Records of employee service and eligibility for pension (including hours worked and any breaks in service) (P)
  4. Required personal information on employees and former employees. (Name, address, social security number, period of employment, pay: hourly or salary) (P)
  5. Records of plan administrator setting forth authority to pay (P)
  6. Records of pension paid to employees or their beneficiaries (6 after final payment)
  7. Reports of pensions or pension plans filed with the Department of Labor or the Internal Revenue Service (6 after filing)
  1. Personnel
  1. Original union agreements (P)
  2. Invention assignment forms (P)
  3. Records showing employee exposure to potentially hazardous substances (P, except documents may be discarded after 30 years after termination of all affected employees)
  4. Medical histories or health data (P)
  5. Earnings records (general) (P)
  6. Employees' personnel records, including individual attendance records, application forms, performance evaluations, termination papers, exit interview records, withholding information, garnishments, test results (individual), etc.(4 after termination)
  7. Individual contracts of employment (7 after termination)
  8. Commissions/bonuses, incentives, awards, etc. (7)
  9. Attendance records (general) (3)
  10. Job descriptions (3 after superseded)
  11. Safety or injury frequency reports (10)
  12. Affirmative action programs (5 after superseded)
  13. EEO-1 and EEO-2 Employer information reports (2 after superseded or filing, whichever is longer)
  14. Applications, resumes, results of pre-employment physicals, and related correspondence (no-hired applicants):
  1. Advertised job openings (2 from date of non-hire decision)
  2. Unsolicited applications and resumes (1)
  1. Correspondence with employment agencies and advertisements for job openings (1 from date of hiring decision)
  2. Wage and salary surveys (3)
  3. Census reports and headcount comparisons (3)
  4. Employee handbooks (P) XXX
  1. Insurance Records
  1. Policies:
  1. Workers compensation (P)
  2. Product liability (P)
  3. Umbrella (P)
  4. Property (P)
  5. Fidelity & crime (P)
  6. General liability (P)
  7. Other third party (P)
  1. Certificates:
  1. Issued on behalf of Company (3)
  2. Issued to Company (P)
  1. Group insurance plans:
  1. Active employees (until plan is amended or terminated)
  2. Retirees (P or until 6 years after death of last eligible participant)
  1. Audits or adjustments (2 after final adjustment)
  2. Claims files (including correspondence, medical records, injury documentation, etc.):
  1. Workers compensation (10 after close)
  2. Product liability (open -- no litigation. 5 after last correspondence or contact with claimant)
  3. First party (5 after last correspondence or contact with insurer)
  4. Other third party (5 after last correspondence or contact with third party)
  5. Long term disability (10 after return to work, retirement or death)
  6. Group life (5 after close)
  1. Release/settlements (25)
  2. Inspections (3)
  3. Loss runs (10)
  4. Annual loss summaries (10)
  5. Journal entry support data (7)
  1. Accounting and Finance
  1. Annual audited financial statements (P)
  2. General ledgers (10*)
  3. General journals and other posting & control media subsidiary to the General Ledgers (7*)
  4. Annual audit workpaper package (7*)
  5. Monthly financial statements (7*)
  6. Bank statements and canceled checks (7*)
  7. Original copies of accounts payable invoices and employee expense reports:
  1. Normal trade payables (7*)
  2. Freight bills (3*)
  1. Accounts receivable invoices (4*)
  2. Accounts receivable cash receipts files (4*)
  3. Annual plans and budgets (2)
  4. Strategic plans (2 after termination of plan period)
  5. Census bureau and other government surveys (7)
  6. Physical inventory records (7*)
  7. Appropriation requests (1 after post completion review) *The Corporate controller will annually issue a directive outlining the specific years to be destroyed.
  1. Tax Records. General principle -- All corporations required to file a tax return of any kind must keep books of account or records, including inventories, as are sufficient to establish the amount of gross income, deductions, credits or other matters required to be shown in any such return. These documents and records shall be kept for as long as the contents thereof may become material in the administration of Federal, state, and local income, franchise, and property tax laws. The Corporation shall keep sufficient records to prove its cost basis and to compute its earnings and profits permanently.
  1. Tax returns (income, franchise, property) (P)
  2. Tax bills, receipts and statements (P)
  3. Tax workpaper packages -- originals (P; Operating division copies to be retained for 7 years.
  4. Payroll tax records (7*)
  5. Sales and use tax records (7*)
  6. Excise tax records (7*) *Represents the estimated retention period for storage planning purposes. Actual retention will be based on the specific statute of limitations governing each return and the necessity to keep documents for years which remain open pending settlement with the taxing authorities. The Corporate controller will annually issue a directive outlining the specific years to be destroyed.
  1. Payroll Documents. General principle -- Payroll documents and supporting data shall be kept in such a manner that the company can prove that it has fulfilled its responsibilities under the wage and Hour Rules of the Department of Labor, as well as the Walsh-Heasley Act. Also, payroll records must be such as to enable the company to compute the payment of any pension. (See section G above.)
  1. Employee earnings record (P)
  2. Labor distribution cost records (7)
  3. Payroll registers (gross and net) (7)
  4. Unclaimed wage records (6)
  5. Employee deduction authorizations (4 after termination)
  6. Assignments, attachments and garnishments (3 after payment or settlement)
  7. Time cards and sheets (2)
  1. Plan and Property Records
  1. Original purchase, sale or lease agreement of plant facility (P)
  2. Correspondence, property deeds, easements, licenses, rights of way and miscellaneous documents pertaining to sold plant facilities (10 plus approval of General Counsel)
  3. Property insurance policies (P)
  4. Fixed asset ledgers (year-end run) (7 plus written approval of Corporate Controller)
  5. Mortgages (10 after satisfaction)
  6. Records relating to disposal of plant waste (3)
  7. Plant inspection and safety audit reports (3)
  1. Research and Development
  1. Original patents, trademarks and copyrights (Life of patent, trademark or   copyright plus 3)
  2. Minutes of all technical meetings (20 plus written approval of General Counsel)
  3. Invention notebooks and invention records (20 plus written approval of General Counsel)
  4. Laboratory notebooks, supporting data and test data (20 plus written approval of General Counsel)
  5. Outside submissions of new product ideas (20 plus written approval of General Counsel)
  6. Quality control data (20 plus written approval of General Counsel)
  7. Production batch data (20 plus written approval of General Counsel)
  8. Pilot run data and related research (20 plus written approval of General Counsel)
  9. Inspection and test reports on new or proposed products (3)
  1. Safety and Environmental Documents. General principle -- The company must keep all documents in relation to employee and public health and safety for such periods as will enable it to demonstrate compliance with an applicable regulation or standard. These standards and regulations are in a state of continual expansion and change. Following is a current list of widely applicable rules:
  1. Records relating to each occupational injury or illness, including the annual summary and other OSHA forms (5)
  2. Companies subject to asbestos standards:
  1. Personnel or environmental monitoring (P)
  2. Employee medical examinations (30)
  1. Companies subject to ionized radiation standard:
  1. Employee radiation exposure tests (P)
  1. Companies subject to vinyl chloride standard:
  1. Monitoring and measuring records and authorized personal rosters (30)
  2. Medical records (Longer of employment plus 20 or 30)
  3. Monitoring and inspection reports (P)
  1. Companies subject to mechanical power press standard:
  1. Records of periodic regulation inspection (P)
  1. Companies subject to industrial slings standards:
  1. Inspection records and repair records (1)
  1. Companies subject to carcinogen standards:
  1. Authorized personnel rosters (20)
  2. Medical records (30)
  3. Monitoring or inspection reports (P)
  1. Companies subject to ground fault standards:
  1. Testing records (P or until superseded)
  1. Companies subject to ethylene oxide standard 29 CFR 1910.1047 Testing records (P)
  2. Environmental site files including insurance claims (P)
  3. Records relating to disposal of hazardous waste (3)
  1. Manufacturing
  1. Lab test reports (20 plus written approval of General Counsel)
  2. Product tooling, design, specifications and research data (20)
  3. Engineering change requests (10)
  4. Engineering change notices (10)
  5. Work orders (3)
  6. Bills of material (2)
  7. Safety related tests and inspection reports for existing products (5)
  8. Records showing quantities, sources, costs, shipment dates and related information for products assembled abroad with U.S. components (5 from date of re-entry)
  1. Quality Control and Inspection
  1. Inspection and test records (P)
  2. Customer service records (10)
  3. Equipment and instrument calibration records (10)
  4. Material substitution records (10)
  5. Supplier quality data (10)
  6. Returned goods records (10)
  7. Consumer complaints (90 days)
  8. Summary of consumer complaints (5)
  1. Traffic and Transportation
  1. Freight bills (3)
  2. Bills of lading, waybills (2 after delivery)
  3. Freight claims (2 after settlement)
  4. Household moves (3 after move)
  5. Rates and tariffs (1 after superseded)
  1. Sales and Marketing
  1. Catalogs and price lists (P)
  2. Advertising copy and marketing programs (5)
  3. Copies of packaging materials and instructions (5)
  4. Customer order files (4)
  5. Customer correspondence files (4)
  6. Salesmen's reports (2)
  7. Sales department copies of invoices (1)
  8. Rebate and co-op advertising payments (6)
  9. Exporter's certificate of origin and information necessary to prepare certificate for exports to or import form Canada (5)
  10. Records relating to duty drawbacks on exports (4)
  1. Credit Relating to Customers
  1. Application for credit approval forms, qualification reports (1 after account becomes inactive)
  2. Collection litigation files (3 after legal settlement and satisfaction of judgment)
  3. Correspondence -- collection (2)
  4. Customer financial statements (Until superseded)
  5. Guarantees and subordination agreements (3 after termination and settlement of account)
  6. Security agreements & financing statements (3 after satisfaction)
  1. Procurement Material Control
  1. Purchase order register (6)
  2. Vendor files (requisitions, purchase orders, quotations, correspondence) (6)
  3. Inventory control reports (3)
  4. Production schedules (1)
  1. General
  1. Books, professional periodicals, published reports, etc. (Review annually for usefulness and discard obsolete material)
  2. Charitable contribution records (7)
  3. Consultants reports (2)
  4. Departmental budgets and related work sheets (2)
  5. Major corporate and division policy and procedure manuals (Originating department permanent-receiving departments retain only current version)
  6. Major speeches by corporate officers (4 thereafter, review for historical value)
  7. Material of historic value (pictures, publications, etc.) (P, in custody of archives or public relations department)
  8. Project files not otherwise classified (Review at close of project)
  9. Trade association materials (Review annually for usefulness)

Memorandum to Employees Advising Them of Investigation

TO: [Appropriate EmployeesLimited Circulation Only]

FROM: General Counsel

The corporation has received [a grand jury subpoena requesting certain corporate records] or [uncovered information respecting (describe)]. The inquiry relates to allegations that this corporation (describe). It is ABC's policy and practice to comply with all state and federal laws and regulations.

In order to obtain legal advice concerning the scope of these problems, if any, and the company's legal obligations with respect thereto, the Board of Directors has [authorized this office] or [hired the law firm of....] to advise the corporation on the legal ramifications of the investigation. I [am authorized] or [have authorized the firm] to conduct an internal investigation to gather information to aid [me] or [it] in rendering advice.

Because you may have valuable information which you possess as a result of your corporate activities, members of [my office] or [the law firm] may interview you. You are to cooperate fully with them. They will be contacting you shortly. You are to keep the information that you impart to them confidential and discuss it with no one else.

[The law firm of ...] or [this office] represents the corporation and not you personally. However, your communications to them on this subject will remain confidential (at the corporation's discretion), and will be disclosed only to corporate management and other legal counsel, and will not be disclosed outside the corporation.

You may also be contacted for interview by investigators or other representatives of state or federal regulatory or law enforcement agencies. If you are interviewed, you have the right to have an attorney represent you at such an interview. In order to preserve your personal rights, and because ABC desires to be advised of the status of any investigation into its activities, the company requests that you notify corporate counsel prior to any such interview, so that arrangements can be made for your representation and so that ABC may be properly represented in the interview as well.

You are directed to preserve any and all documents relative to (to be completed). It is extremely important that no documents be removed, destroyed, tampered with, or altered. Such documents should be retained in a safe place, under lock and key, in their currently existing condition. A representative of

[...] or [this office] will contact you shortly concerning such documents.

Finally, you are advised that this matter is CONFIDENTIAL. Please do not discuss it with family or friends or other employees or anyone else, other than representatives of [...], or an attorney retained to represent you personally.

Thank you for your cooperation.

Sincerely,

 

Home Legal Disclaimer Privacy PolicySend mail to webmaster@aftab.com with questions or comments about this web site.
Copyright © 2005 Parry Aftab
Last modified: 02/04/07
Marvel and all character names and the distinctive likenesses thereof are trademarks of Marvel Characters, Inc., and are used with permission. TM & © 2004 Marvel Characters, Inc. All rights reserved. “Super Heroes” is a Co-owned registered Trademark.