Why Us?

We know the law and we know the web.

We help companies safely and securely do business on the web.

Data Retention Policy

Packaged Services

This service reviews various aspects of an organization’s computing environment and delivers both a data retention policy and a technology framework by which the policy is enforced. Business organizations are now faced with a bewildering array of options for dealing with both the legal and technical issues presented. Many proposed technology centric solutions target well defined pain points while ignoring important legal governance issues. Other solutions focus on policy and disregard the technical implications. Our proposed solution is comprehensive and addresses both governance and the technical framework required for implementation.

Why develop a data retention policy?

Developing a data retention policy is a necessity for all mid to large organizations in order to manage information assets in a rationalized manner suitable for meeting the operational requirements of electronically stored information (ESI) and to meet the challenges of complex litigation. This service provides a comprehensive review of existing organizational practices, what we call the “As Is” state, and then derives a policy that governs the “To Be” state. The policy controls the end of life requirements of all record types (e.g. contracts, accounting, tax, legal, etc). The end of life for a given record type is controlled both by legal authority, which we provide, and by the business and technology requirements of the organization.

However, as described below, the deliverable of this engagement encompasses significantly more than the drafting of a policy. It also provides a technological framework by which said policy can be enforced. Without such a framework it is unlikely that the “good faith” requirements inherent in the recent changes to the Federal Rules of Civil Procedure (FRCP) can be met. Indeed, a policy without an enforcement mechanism will be of little use with respect to adequately managing the business problem created by the explosive growth of ESI—a business problem that includes litigation readiness, but extends far beyond it.

In short, a rationalized approach to data retention requires an interdisciplinary approach that lies at the intersection of business, law and technology. We have the expertise required to guide an organization to the desired “To Be” state using a collaborative project based approach.

What does it cost?

The cost will vary depending on the complexity of the organization and the number of record types. There are record types that are horizontal to the organization (e.g. email) and those that are vertical (e.g. contained within a functional business organization). A cost range is presented after gathering initial requirements and the development of a formal proposal.

What does it cover?

  • A policy that enhances the litigation readiness of an organization by providing a systematic approach to the management of discovery requests in a manner compliant with the recent changes to the FRCP (and similar state modifications likely to follow).
  • A policy that contains a legal/regulatory authority matrix by organizational record type—one that is foundational for the derivation of the controlling end of life term.
  • Forms that drive the information gathering and inventorying process necessary to capture the “As Is” state across both horizontal and vertical record types.
  • A technology framework, complete with system diagrams, which capture how a comprehensive enforcement mechanism could work.
  • A project based approach with clearly defined roles, responsibilities and milestones.
  • A suggested timeline for the “roll out” of the enforcement mechanism.

What is the deliverable?

As stated above, there are two principal deliverables of this engagement, with a number of interim deliverables (e.g. documentation of the “As Is” state) that mark project milestones. The two principal deliverables are:

  1. A Data Retention Policy that governs the end of life of organizational record types; and
  2. A technology framework that illustrates an approach necessary for comprehensive enforcement

What is not covered?

What is not covered in the engagement is any effort required to deliver the actual “roll out” of the enforcement mechanism. It is anticipated that the actual roll out will occur over a period of time with horizontal record types comprising the first order of priority. We are available for consultation during the roll out but such effort is not within the scope of this engagement.

Contact us today