If you think your stress level is high, imagine being Arthur Andersen Partner David Duncan in late 2001.
With the collapse of his client Enron unfolding and a Securities and Exchange Commission investigation looming, Duncan met with a company forensic investigator. Duncan picked up a document with the words "smoking gun" written on it, said "we don't need this," and began to destroy it.
He was not alone. Andersen employees shredded and deleted a substantial volume of documents after the firm instructed them to, pursuant to its document retention policy.
Andersen's frenzied shredding may forever symbolize the nadir of American corporate responsibility. Last week, however, the U.S. Supreme Court reversed the firm's conviction for obstruction of justice.
The court held that merely instructing employees to follow the firm's document retention policy, even under those suspect circumstances, was not necessarily criminal. The question of Andersen's guilt or innocence should have turned on whether Andersen acted dishonestly and with the intent to obstruct a particular governmental proceeding.
The decision does not redefine the criminal boundaries of appropriate document destruction (although it is safe to assume that one should probably consult an attorney before shredding "the smoking gun.") It is a reminder, however, of the importance of appropriate, ethical document retention policies.
Reduce, retain, remove
A document retention policy can reduce storage costs and increase efficiency. It also provides some control over information. As the Supreme Court acknowledged in Andersen, document retention policies "keep certain information from getting into the hands of others, including the Government. ... " They also can keep important information accessible.
Like the familiar recycling theme, a policy should show how and when to "reduce, retain and remove."
- Reduce. Generate only professional communications. E-mails with sexual references, off-color jokes and insults are to plaintiff employment lawyers as catnip is to cats.
- Retain. If information is still important, have a mechanism for retrieving it efficiently.
- Remove. Once that information is no longer useful, destroy it.
Information control can win or lose a lawsuit. I have reviewed lists of all the pornographic sites a plaintiff visited and have consoled a manager worried that her steamy e-mails to her fiancé would become public record during a lawsuit. I have also found smoking guns buried in long-forgotten documents. Document-retention policies should address these issues.
The following are ideas for implementing an effective policy:
- Reduce. Consider prohibiting personal e-mail on the company server. Impart common-sense advice to employees to consider how a misdirected (or maliciously directed) written communication would look to a client, a competitor or opposing counsel. Sarcasm and jokes are not very funny during cross-examination.
- Comply. Know the law. Some documents, such as tax returns and regulatory compliance records, must be retained for a certain period of time.
- Tailor. An ethical policy should eliminate documents, good and bad, only when they have outlived their importance. Few companies will benefit from a mechanistic policy based only on vintage and not on the type of document.
- Write. Put the policy in writing. Ambiguity and inconsistency ensure failure.
- Retain. If information is worth retaining, it needs to be accessible. The cost of producing documents for litigation can be staggering, especially if the information is contained on old backup tapes for obsolete software applications.
- Execute. Establish regular intervals for destroying types of records, and specifically task enforcement and oversight responsibilities. Without centralized oversight, an inconsistently implemented policy can be as bad as no policy at all. Imagine where Andersen might be today if it had simply been consistent.
- Educate. Teach employees how the company expects them to manage documents. Inform clients how their documents will be retained.
Stop the destruction
One issue the Andersen case highlights is that different standards apply to document destruction once litigation or a governmental investigation is anticipated. Although that case received significant media coverage, the issue of missing evidence plays out regularly in the courts.
A judge has broad discretionary power to punish the spoliation (i.e. improper destruction) of evidence. Sanctions can include criminal prosecution, massive monetary fines, a presumption to assume the worst about the evidence and dismissal of a case.
When trouble looms, do not send out an e-mail, as Andersen did, to "make sure to follow the [document] policy." A well-implemented policy has already done all it can do. Do not wait to be served with papers. Instead, meet with counsel early to ensure evidence is preserved. Even routine housekeeping tasks, such as writing over backup tapes, could subject a party to spoliation sanctions.
"Shred" is not a four-letter word
Selecting documents for destruction is only half the battle. The other half is making sure that the documents are actually destroyed. Because of the proliferation of Dumpster-diving identity thieves, not even trash is sacred. Throwing documents away is no longer good enough.
As of June 1, 2005, anyone who uses a consumer report for a business purpose is subject to rules of the Fair and Accurate Credit Transactions Act of 2003. These rules require destruction policies that reduce the risk of consumer fraud and identity theft.
Covered entities must dispose of paper and electronic documents with personal information "by taking reasonable measures to protect against unauthorized access to or use of the information." The rule suggests "burning, pulverizing or shredding of papers" or entering into "a contract with another party engaged in the business of record destruction."
For more information, refer to "New rule seeks to protect privacy by requiring proper disposal of sensitive consumer information," at www.ftc.gov/bcp/conline/pubs/alerts/disposalalrt.htm
Noncompliance invites enforcement actions by the government and suits from victims, including class actions, for actual damages and statutory damages of up to $1,000 per violation.
Regardless of whether FACTA or common sense applies, it makes good business sense, after implementing a document retention policy, to protect the confidences contained in discarded information.
This opinion piece was published in The Business Journal of Portland on June 10, 2005.