Dangerous Documents

Legal Compliances


State and federal laws
Contractual obligations

Subject to an affirmative legal duty to
establish and maintain certain records for
specified periods of time
It’s Not Just Paper Anymore






Approximately 30% of all data make it to
paper
Almost all documents are computer-based
Information is being stored digitally
CD = 700 MB = 5 boxes of paper
Hard drive = 30 GB = 214 boxes of paper
Multiple copies and variations exist in multiple
locations
Where are dangerous documents found?
Mainframe
Mail Server (email)
File server
Computer hard drive
Disks, CD ROMs, DVDs, Zip drives, etc.
Cell phones
Palm pilots
Voice mail
Tape backups, including offsite storage
Blackberry
Virtual Workrooms (bulletin boards, chat rooms)
Digital cameras
MS Word – A Dangerous
Document?

Embedded information in documents



Metadata


Comments
Redlines
Data, filename, file type, author
Drafts


Keep only the final copy
Destroy draft versions
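
A pre-release check for the embedded information listed on this slide, as an added example that is not part of the original presentation: it reads the author metadata, comments and redlines (tracked changes) out of a .docx package. The function names and the sample file, which holds only the three parts being inspected, are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted files

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
CP = "{http://schemas.openxmlformats.org/package/2006/metadata/core-properties}"
DC = "{http://purl.org/dc/elements/1.1/}"

def _parse_part(zf, name):
    # Return the parsed XML root of one package part, or None when absent.
    return ET.fromstring(zf.read(name)) if name in zf.namelist() else None

def audit_docx(data):
    """Report embedded information in a .docx supplied as bytes."""
    report = {"author": None, "last_modified_by": None,
              "comments": 0, "insertions": 0, "deletions": 0}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        core = _parse_part(zf, "docProps/core.xml")        # metadata
        if core is not None:
            report["author"] = core.findtext(DC + "creator")
            report["last_modified_by"] = core.findtext(CP + "lastModifiedBy")
        comments = _parse_part(zf, "word/comments.xml")    # reviewer comments
        if comments is not None:
            report["comments"] = len(comments.findall(W + "comment"))
        body = _parse_part(zf, "word/document.xml")        # redlines
        if body is not None:
            report["insertions"] = len(list(body.iter(W + "ins")))
            report["deletions"] = len(list(body.iter(W + "del")))
    report["clean"] = not any(report.values())  # True only if nothing was found
    return report

def build_sample_docx():
    """Constructed sample: only the three parts the audit reads."""
    w, cp, dc = W[1:-1], CP[1:-1], DC[1:-1]
    parts = {
        "docProps/core.xml": f'<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">'
            '<dc:creator>J. Draft</dc:creator>'
            '<cp:lastModifiedBy>Reviewer</cp:lastModifiedBy></cp:coreProperties>',
        "word/comments.xml":
            f'<w:comments xmlns:w="{w}"><w:comment w:id="0"/></w:comments>',
        "word/document.xml": f'<w:document xmlns:w="{w}"><w:body><w:p>'
            '<w:ins><w:r><w:t>added</w:t></w:r></w:ins>'
            '<w:del><w:r><w:delText>cut</w:delText></w:r></w:del>'
            '</w:p></w:body></w:document>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()
```

Calling `audit_docx(build_sample_docx())` reports the author, one comment, one insertion and one deletion; on a real file, pass the bytes of the .docx that is about to leave the organization.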
Who has these dangerous
documents?

Sources


Internal
External

Internet

People
Employees

Consultants

Clients

Experts

Suppliers

Electronic dangers




Viruses and Trojans
Increased use of email in litigation
Instant Messaging (IM) can allow users
to “go under the radar” if IT does not
track it
Spyware can be deployed on a user’s
computer without their knowledge to track
people’s computer movements
Sarbanes Oxley Act

(Jan 2002)
Purpose: to assure accountability and
accurate reporting of financial data and
significant events


Requires internal controls and information
management
Must document to demonstrate compliance
Document Retention






Prevent violations of state & federal
laws
Provide standard procedures
Protect organization during litigation,
investigations & audits
Reduce costs of discovery
Protect officers & directors from liability
Preserve organization’s reputation
Company Retention Policy


Must be reasonable & not in bad faith
Must cover…





Responsible individual(s)
Procedure for storing, indexing & destroying
documents
Identify documents (consistently not selectively)
Identify physical location of paper & media
Indicate retention schedule
Acceptable Use Policies



Legitimate business purpose
No reasonable expectation of privacy
Inform employees that institution
retains the right to review emails & web
browsing activities
HR Issue



Documents contain social security
numbers
Identity theft
Electronically collected information must
be secured

As it is collected & stored
Sources

Guide, Advise, Protect


Hidden Liabilities: What is Lurking in
Your Files


Brian H. Nelson, Esq. (Edwards & Angell)
Elizabeth Bates (Consultrex USA)
Controlled & Uncontrolled Records:
Management & Discovery

David Whetmore (Ernst & Young)