Smart companies know the value of making modest investments to insure the integrity of essential electronic data.
Most business owners willingly write checks for insurance policies they may never use. But when it comes to insuring the integrity of — and access to — their company’s critical data, there are likely to hesitate due to the cost involved. But when you find yourself on the defense of litigation, think about how much you would be willing to pay to retrieve that one document that could make it all go away. Be proactive in 2017 with the three R’s of Review, Revise and Remind.
REVIEW The only constant in business policies is change. The New Year is a good time to review your existing policies for records retention and security to ensure they comply with current regulations and standards for your industry. Focus not just on the length of time documents and ESI are maintained, but also on security — e.g., physical security, storage access and back-ups. Be sure to look for nuances in your electronic storage vs. hard copy protocol.
REVISE The three most common times when a company realizes its document retention policies should have been revised are: (1) when the company experiences a sale or merger (and needs access to documents for due diligence); (2) during the audit or tax preparation process; and (3) during discovery in litigation. Considering your records retention policies at these times is too little too late. Work closely with your vendors and IT (and other) staff to ensure that your records retention policy keeps pace with ever-changing tax, privacy and security requirements.
REMIND Employees at every level of your organization need to be trained in and reminded of your policies concerning the retention and security of documents. For example, there should be a consistent method of identifying files that is intuitive and consistent so that documents can be located when needed. Moreover, you should remind employees that company computers are for company business. Files maintained on a company computer, e-mails to and from a company e-mail server, and web searches from a company computer are not private and our experience shows that all of these materials can create an exposure for your business, particularly where such materials blur the personal and professional. These rules should be shared with employees.
Practicing the three R’s will get your business proactively organizing your records, but inventory and back up are also critical processes.
The term inventory isn’t the first thing that comes to mind when executives think of records and documentation. No manager wants to take a valuable employee away from work projects to go to a warehouse or storage facility to see what is being stored, or sift through files accounting for what’s stored on the cloud. However, it’s much easier to do a bit at a time than to put it off and be overwhelmed later.
For back up, businesses now often use “cloud-based” storage (data stored on servers that can be housed across town or across the country). However, what about vital files that were backed up on technology that is no longer used? How will you retrieve data from a floppy disc? Review those older files for relevance and be sure the data is transferred to current storage systems. The cost of protecting memory storage is much less expensive than losing valuable data.
Michael C. Foster
About the Author
Michael C. Foster represents clients in general business litigation, bankruptcy and insurance matters.
For more than 40 years, Tripp Scott has played a leadership role in issues that impact the state of Florida. This information is shared as a resource to help you understand strategies of wealth protection.