Dangerous Documents Legal Compliances State and federal laws Contractual obligations Subject to an affirmative legal duty to establish and maintain certain records for specified periods of time It’s Not Just Paper Anymore Approximately 30% of all data make it to paper Most all documents are computer-based Information is being stored digitally CD = 700 MB = 5 boxes of paper Hard drive = 30 GB = 214 boxes of paper Multiple copies and variations exist in multiple locations Where are dangerous documents found? Mainframe Mail Server (email) File server Computer hard Disks, CD ROMs, drive DVDs, Zip drives, etc. Cell phones Palm pilots Voice mail Tape backups, including offsite storage Blackberry Virtual Workrooms Digital cameras (bulletin boards, chat rooms) MS Word – A Dangerous Document? Embedded information in documents Metadata Comments Redlines Data, filename, file type, author Drafts Keep only the final copy Destroy draft versions Who has these dangerous documents? Sources Internal External Internet People Employees Consultants Clients Experts Suppliers Electronic dangers Viruses and Trojans Increased use of email in litigation Instant Messaging (IM) can allow users to “go under the radar” if IT does not track Spyware can be deployed on user’s computer w/o their knowledge to track people’s computer movements Sarbanes Oxley Act (Jan 2002) Purpose: to assure accountability and accurate reporting of financial data and significant events Requires internal controls and information management Must document to demonstrate compliance Document Retention Prevent violations of state & federal laws Provide standard procedures Protect organization during litigation, investigations & audits Reduce costs of discovery Protect officers & directors from liability Preserve organization’s reputation Company Retention Policy Must be reasonable & not in bad faith Must cover… Responsible individual(s) Procedure for storing, indexing & destroying documents Identify documents (consistently not selectively) Identify physical location of paper & media Indicate retention schedule Acceptable Use of Policies Legitimate business purpose No reasonable expectation of privacy Inform employees that institution retains the right to review emails & web browsing activities HR Issue Documents contain social security numbers Identity theft Electronically collected information must be secured As it is collected & stored Sources Guide, Advise, Protect Hidden Liabilities: What is Lurking in Your Files Brian H. Nelson, Esq. (Edwards & Angell) Elizabeth Bates (Consultrex USA) Controlled & Uncontrolled Records: Management & Discovery David Whetmore (Ernst & Young)