The Courts Will Come Looking for IG
“It is clear that [the] lack of a retention policy and irresponsible data retention practices are responsible for the loss of significant data . . . Information management policies are not a dark or novel art. Numerous authoritative organizations have long promulgated policy guidelines for document retention and destruction.”
Philip M. Adams & Associates, LLC v. Dell, Inc., 2009[1. Philip M. Adams & Associates, LLC v. Dell, Inc., 2009 WL 910801 (D. Utah Mar. 30, 2009.)]
IN BRIEF. IG makes sense because courts and regulators will closely examine your IG program. Falling short can lead to fines, sanctions, loss of cases, and other outcomes that have negative business and financial consequences.
There used to be an open secret about IG. Nobody talked about it, but everyone believed it. The secret? If all you did about IG was write a bunch of words on a piece of paper, call it a policy, and put it in a binder on a shelf somewhere, you were good. You had taken care of your problem.
That era is over.
Today, courts, regulators, and other outside parties have grown in sophistication and expertise when it comes to IG. Dead policies on dead trees don’t work. Today, your IG program needs to be comprehensive, funded, enforced, and real. Recent cases demonstrate this.
For example, in the case quoted above, the court not only looked for the existence of an IG program, but evaluated the legitimacy of various aspects of the program in detail. It questioned the lack of IG policies, stating that the litigant “did not have a . . . information management policy” and questioned why it offered “no statement from management-level persons explaining its practices, or existence of policies.”[2. Ibid.]
Further, the court made an interesting statement about evaluating IG programs that should put all organizations on notice that they can expect outside parties – including courts and regulators – to evaluate the quality and reasonableness of their IG programs:
“A court-and more importantly, a litigant – is not required to simply accept whatever information management practices a party may have. A practice may be unreasonable, given responsibilities to third parties. While a party may design its information management practices to suit its business purposes, one of those business purposes must be accountability to third parties.”
An IG program is not merely an internal, private affair. Rather, an IG program is a statement to the world about how seriously you take your information management obligations. Expect it to be closely examined.