News Stay informed about the latest enterprise technology news and product updates.

Electronic records retention: What's your company policy?

Going against conventional electronic records management wisdom, a group of records retention and information management experts admit to keeping everything.

At a recent conference in New York , sitting in the back row (my favorite spot), I got to view 200 people gasping to something the speaker said. It was the kind of intake of breath people make when they're thinking: "What? Are you nuts?" I saw heads turn, shake in disbelief and whisper to the person sitting next to them, "Did he just say he doesn't get rid of anything?"

I was attending the IDC-Kahn Consulting Inc. Compliance in Information Management Forum on Wednesday when George Goldsmith, director of enterprise content management and litigation support at pharmaceutical company Forest Laboratories Inc., admitted that his organization saves all its emails. Given Forest is an $8 billion company with 5,000 employees, not surprisingly, people were a bit shocked -- as was I.

After all, we had just heard Sandra Hostetter, program manager for electronic content management and retention at Rohm and Haas Co., present her impressive electronic records retention program, which included the automatic deletion of emails after 60 days. That seemed like a sound practice to me. And isn't a records retention and storage management program the Holy Grail to IT departments trying to control the explosion of data held in their care?

But Goldsmith: We keep everything.

There are legal hold issues, of course, he argued, and this: They don't know enough about what they have to logically, ethically, legally or randomly throw stuff out.

Not surprisingly, when you're in a room mixed with records management administrators, lawyers and IT professionals, all of whom have different objectives when it comes to managing vast amounts of data, you get mixed reactions. But if I had to guess, the only ones who didn't gasp in horror were the lawyers. Apparently, they like to hold on to either nothing or everything. Go figure.

But as the day progressed and a few more speakers talked about their electronic records management philosophies, Goldsmith's no-purge policy didn't seem so shocking after all.

Regardless of the size of the organization, electronic information management -- at least in today's litigious world -- is hardly an exact science. Companies large and small are trying things to see what fits. I had always thought the practice of methodically purging email was a sound position. But perhaps it's not the only way.

While records management has its established rules, electronic information management is an entirely new ball of wax. And I don't see that the Federal Rules of Civil Procedure made it any less complex. Experts say the rules are vague and remain open to interpretation. As a result, how to handle electronic information is vague and remains open to interpretation.

Roman Coleman, vice president, enterprise records and information management at SunTrust, has built three records management programs for major corporations, including Qwest Communications in California. He says getting rid of information you know to be nonessential is good, but too many organizations get rid of content because they have "irrational fears" that in the middle of all that information there's incriminating data.

It might be tough to convince your CFO that you need $35,000 in additional storage, but it'll be even tougher to convince a judge that you were acting in good faith.

If a smoking gun does exist, he said, it will be found and an autodelete-in-60-days policy will not save you.

"If you don't have a legal obligation to hold on to things, don't. But if you do, you need to prove a good-faith effort that you kept what you needed," Coleman said.

And to IT folks: Don't think you can continue to use the cost of storage as an excuse to purge emails and other forms of content. It's a legacy mentality to say that storage is too expensive. It's not. So get over it, Coleman says. It might be tough to convince your CFO that you need $35,000 in additional storage, but it'll be even tougher to convince a judge that you were acting in good faith. "Judges aren't stupid." Claiming to be cash-strapped isn't a sound defense. It will never hold up in court.

I can just imagine midmarket CIOs cringing at the idea of saving everything (although we know a lot of you do for lack of any kind of cohesive records retention program). But think about this: Does purging content after a random number of days make better sense? I'm no longer sure.

At the end of the day what I learned is that it all boils down to two things: Organizations don't understand their own content, and they toss content or keep it because it's the only way they know how to manage it. I've decided I don't support one practice over the other. What I advocate for is that organizations figure out a way to get a handle on what exists within their content and then create delete policies based on what they know, not what they don't know (or don't want to know.)

Let us know what you think about the story; email

Dig Deeper on Automating compliance processes

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.