There are certain apparent truisms which fall from the mouths of some of those involved in disclosure / discovery / document retention which it seems pointless to correct. They are not wrong, exactly, or are at least founded in something which is not wrong, but are summaries so concise as to conceal the complexities of the reality.
You must disclose all documents relevant to the matters in issue is the one which comes my way most often. Useful word, relevant, and actually quite difficult to avoid when describing in general terms what makes a document disclosable in UK litigation. What makes it wrong, despite its usefulness, is that it was a term of art in pre-CPR (that is, pre-1999) discovery (the actual words were relating to matters in question) and its use now obscures the fact that the present test does not merely use different words, but actually means something very much narrower than the old Peruvian Guano test (see Relevant is irrelevant for disclosure).
Another favourite, heard recently, is they are all our documents, so data protection is not an issue which worries us. It might worry the Information Commissioner though, to say nothing of those individuals who can, at the least, claim a joint interest in ownership of the data.
A third is we destroy everything afer six years when the limitation period expires. There are, of course, many good reasons for destroying documents well before their sixth birthday, but a belief that they were valuable the day before that and became of no use as the candles were blown out on their sixth cake is not one of them. You might well get rid of them earlier after an assessment that the risk of needing them was small relative to the cost of keeping them. You might keep them for longer on the basis that they governed contractual relations for as long as the contract subsisted, not just for six years from the making of it. Precisely six years from the date of creation may be convenient, but is rarely going to be as just right as it sounds.
Christina Turton of Barclays fell into none of these traps in an interesting summary of Barclays’ document retention policies at the IQPC Information Retention and E-Disclosure Management conference last week. When Barclays came to consider limitation periods, it was found that 400 different sets of limitation periods applied to documents within their care. The problem of deciding what to keep and what to destroy is quite hard enough without having to decide which period (or periods, since any one document may fall under more than one set of regulations) applied to it. The differing periods were pruned to a more manageable set in a risk-based approach which took account of relevant regulations, cost and the realities of life. The document retention schedule was reduced to a one page document.
A three year mandatory period for keeping mortgage documents did not, for example, reflect the reality that many mortgages last for 25 years. The policy now requires that they be kept for six years after the account was closed, a basis which gives rather better effect to the contractual risk. Reading around the subject before writing this, I find that BT’s data retention policy requires data to be kept for 6 years and one quarter after account closure, with different (and very much shorter) periods for credit card details and e-mail addresses This is, I think, a widely accepted standard.
The familar (and useful) 80/20 rule applies to the new and shorter list of retention periods at Barclays – 80% of the documents have the same retention period and 20% have varying ones.
One of the interesting aspects of attending such conferences, is that you hear of widely different solutions to what is, in essence, the same problem – I am talking here of broad approaches rather than detailed policies, which are necessarily tailored to the organisation. The poles (as in “poles apart”) are policies to delete documents almost as soon as they are created and policies which keep almost anything for ever. Inevitably, you do not find (on the platforms anyway) people who say that they have not given the subject a moment’s thought, have no policy, and do not really foresee a problem when the regulator poles up one breakfast-time, or the external lawyers ask for “all the documents” about some pending or actual litigation.
If one believes the surveys, these companies are in the majority. I am not sure that this is in fact how it is for most of them. What I think happens is that the subject has come up (although probably not at the suggestion of the company’s lawyers) and has sat at the bottom of the board meeting agendas, thankfully deferred from meeting to meeting, too vast to contemplate.
Sanjay Bhandari of Ernst & Young, speaking about this in an earlier session, said that “there is no need to boil the ocean”, a phrase which summarised exactly what many such companies feel as they watch the Terabytes accumulating, and which implies the possibility of a measured response to the problem – and measuring the problem is a good start. I have heard an in-house lawyer say at another conference that her company had considered the subject of document retention in some detail and decided that the balance of risk against expense did not justify large investment in systems, policies and procedures – they feared neither regulator nor litigation, and were willing to take the expense of dealing with them as and when they arose.
That may well be right in their particular circumstances. They had considered the facts and made a decision advisedly. That is very different from gaping at the ocean of data and deciding that it is too big a problem to be considered.