Important Information About Document Retention Policies

In most workplaces, the days of corridors filled with filing cabinets filled with folders filled with documents are gone, replaced by a noisy, overheating room filled with servers loosely connected to obscure, arcane backup options. In the days of paper, physical space was at a premium, now drive space and bandwidth pose similar limitations on the storage of documents. As part of this shift from corporeal to cyber, both laws, and partly as a result of laws, policies regarding document retention have also shifted. Failure to consider and follow document retention policies and requirements can lead to civil or in some cases even criminal sanction, and can hobble the defense of a lawsuit due to claims including “spoliation,” or destruction of evidence. Legal Requirements The Federal Election Commission, the Securities Exchange Commission, the IRS… the number of agencies requiring records to be held for various industries and endeavors is dizzying. The specifics of legal document retention requirements are far beyond the scope of this article, and it is fair to say that blind adoption of a “cookie cutter” retention policy is a (potentially criminally) bad idea. Virginia law, for example, has a number of requirements to both generate and maintain records for various periods of time. Corporate organizing documents for LLCs must generally be kept for 3 years. 16VAC5-32-10 requires employers to keep records of employees for 4 years after taxes are paid, and creates a presumption in favor of the opposing party where the records are not kept. The Virginia statute of limitations on a written contract is 5 years, see Va. Code § 8.01-246(2), and on an unwritten contract is 3 years, see Va. Code § 8.01-246(4), making retention of documents related to each a good idea, if not a legal requirement. Similarly, the Virginia Department of Taxation requires tax withholding information to be retained for 3 years “after the due date to which they relate or the date the tax was paid, whichever is later,” and this may differ from what is required by the Federal Internal Revenue Service. Specific to motor carriers and those involved in freight, the FMCSA has requirements regarding not only what records must be kept, such as records showing financial reserves for covering liability (49 CFR §§387.31, 387.7), but also what form records can be kept in (49 CFR §390.31) and where records must be kept and time requirements for inspection (49 CFR §390.29, less than 48 hours). The FCMSA also has a number of specific regulations requiring documents about drivers to be kept for 3 years or for the length of a driver’s tenure plus 3 years, such as the application (49 CFR §391.21, which includes the driver’s employers, driving record, and addresses for the 3 years prior to the accident), training records (49 CFR §380.509) and §396 requires similar records about vehicles to be kept for at least 1 year or until 6 months after the vehicle “leaves the motor carrier’s control (49 CFR §396.3). In fact, 49 CFR §396.9 requires records about vehicles to be “at a terminal or facility of the motor carrier operating the vehicle…” within 24 hours. It is notable, however, that document retention requirements can come from some strange places. Obstruction of justice, for instance 18 USCS § 1503, has been held to apply to document destruction. See United States v. Gravely, 840 F.2d 1156, 1160-1161 (4th Cir. 1988) (Obstruction of justice conviction for destruction of internal memoranda during pendency of grand jury proceedings upheld). Title VII of the Civil Rights Act of 1964, 42 USCS §§ 2000e to 2000e-17 and 29 CFR 1602, imposes recordkeeping requirements, in fact it reserves an unused right to require certain records to be created. See 29 CFR 1602.12. With litigation discussed at length below, the knowledge of pending litigation may create additional legal requirements to preserve records and data. It is routine practice to send a “litigation hold letter” to an anticipated defendant in litigation. These hold letters should immediately halt any document destruction or discarding, even if strict adherence to a company retention policy would dictate otherwise. Business Use While this article might have started with the practical, business reasons for creating and adhering to a document retention policy, inflexible legal requirements that could prove costly in terms of both money and personal freedom justifiably seized the starting slot. Still, if rote adherence to only the barest of legal requirements prevents your company from having ongoing access to the records it needs to function, the policy is a burden where it might be an asset. Assuming you have already conferred with counsel or other appropriate advisors and determined what records you are legally required to keep and for how long, you are then in a position to elect how long to retain other records. Considerations for elective record retention include keeping documents you are otherwise required to keep (or strongly benefited by keeping) longer than you otherwise might. For instance, a contract has a statute of limitations of 5 years, but if it includes warranty provisions or arguably includes 3rd party beneficiaries, keeping it longer is likely to be highly beneficial. Most companies are required to keep tax records indefinitely, but correspondence regarding those records might be important in context. Correspondence brings up a second category of records, those which you aren’t required to keep at all, but which might prove useful. Internal correspondence relating to the history behind a decision, or the response to an incident would obviously be important if that decision were later the subject of government inquiry or a lawsuit. One can easily conceive of a policy where records are kept for, say, 7 or even 10 years after a client file is closed, for example. How can a record retention policy be an asset? Any records you destroyed can’t be misappropriated, which prevents identity theft, corporate espionage, etc. Furthermore, if your policy conforms with applicable law, is overseen and strictly adhered to, it might cover you from questions about the destruction of records sought by another party in litigation. Litigation Rule 34 of the Federal Rules of Civil Procedure requires production in litigation of requested documents or “electronically stored information” either “as they are kept in the usual course of business” or organized in the form of the request, and “in a form or forms in which it is ordinarily maintained or in a reasonably usable form or forms.” State rules may be less clear, but at least one Virginia court has interpreted Virginia’s Rule 4:1 even more broadly: “… what seems to me to be most reasonable under the circumstances is to have Defendant produce the requested [electronically stored information] in any electronic format Defendant chooses, so long as that format is both useable and searchable.” Huff v. Winston, 89 Va. Cir. 429, 433 (Roanoke Cir. 2015). Moreover, whenever a document is edited, saved, and in some cases, moved, the file is appended with “metadata.” This metadata can include information such as edits to the document, famously used in Mueller’s ongoing investigation, when the document was created, how long it was open, who created it, etc. The requirement that documents be produced “as they are kept” or “in a form in which… it is ordinarily maintained” would include this metadata, as contemplated in the 2006 Committee Notes to Rule 26 of the Federal Rules of Civil Procedure (“Information describing the history, tracking, or management of an electronic file (sometimes called ‘metadata’) is usually not apparent to the reader viewing a hard copy or a screen image. Whether this information should be produced may be among the topics discussed in the [discovery] conference.” Again, at least one Virginia Court has ruled metadata to be subject to discovery: “the Audit Trail sought by the Plaintiff in this matter is discoverable. This includes Metadata.” Eason v. Sentara Careplex Hosp., 88 Va. Cir. 291, 292 (Hampton Cir. 2014). What this means is that (assuming no legal requirements per the section above) your document retention policy should be clear on things such as what happens to paper originals and when, how and where documents are archived (digitally or otherwise), and probably even what happens with the archives. Avoiding getting too deep into the weeds, every time you access and search your archives, you may be changing the metadata on the included files, however inadvertently. Also, converting paper records to digital may satisfy record-keeping requirements, or it may not. See Va. Code § 59.1-490(a) (1950, as amended) (“If a law requires that a record be retained, the requirement is satisfied by retaining an electronic record of the information in the record which: …Accurately reflects the information set forth in the record at the time and after it was first generated in its final form… and …Remains accessible for later reference.”). Enforcement In order to avoid the unpleasantness of being fined or worse by a court or government agency, clearly there needs to be some sort of oversight and enforcement of any document retention policy which may be in place. Ideally, with appropriate use of digital backups, the inadvertent discarding of physical documents or deletion of digital records would be noticed in time to prevent the loss of any actual documents or data. Internal oversight and meaningful enforcement are very real issues¸ and inconsistent enforcement can have severe legal consequences. Any document retention policy must be unequivocal on who is to enforce the policy and how, as well as what punishment or penalty will result for failure to adhere to the requirements. Failure to apply the policy is worse than having none at all in many cases, because failure to follow your own rules smells like bad faith. For example, in Micron Tech., Inc. v. Rambus Inc., 917 F. Supp. 2d 300, 316 (D.C. D.E. 2013) “selective” enforcement of a document retention policy that led to the destruction of evidence resulting in the court finding patents unenforceable against the opposing party. Rambus essentially lost protection of valuable patents for destroying records. If your company has no document retention and destruction policy, it probably needs one. If your company does have a document retention and destruction policy, it’s probably worth a second look. A review of your policies and procedures is well-advised. If you have any questions about the information in this article, please contact Steve Setliff at (804) 377-1261.