The key to resolving the challenge of excess data is for firms to establish a robust data retention and disposition policy. This means drafting and agreeing a policy, supporting it with appropriate processes, controls and procedures, and then ensuring it’s faithfully executed.
Creating a data retention and disposition policy
Policies don’t have to be elaborate, but they must be adequate, realistic, and signed off by all parties. A retention schedule sits at the core of your policy. This living document allocates a review date to every piece of data. This will be when it’s assessed for further retention, or disposition or destruction. In the case of matter material, the destruction review date depends on the jurisdiction. Also note that in the US it’s customary to offer to return materials to the client at the end of the retention period, whereas in the UK it’s customary to destroy them.
Executing the policy
Policy execution consists of reviewing data when their destruction date comes round to ensure materials due for destruction have no intrinsic, historic or professional value. One firm we know of, for instance, found a piece of paper with Charles Dickens’ signature.
But probably of more relevance, the firm will have to ensure it doesn’t destroy anything that might be needed as evidence in a future action against the firm. You also need to make sure that a client doesn’t owe the firm money before matter records are destroyed, and that nothing commercially sensitive or embarrassing is being returned to a client in the US.
Getting disposition over the line
Finally, bear in mind that all the effort that goes into creating and enacting a data retention and disposition policy will be wasted if the firm doesn’t actually manage to reduce the volume of data held. But it can be hard to get data destruction decisions over the line – not least because there’s no revenue in this activity, so pinning senior members of the firm down to do data reviews can be difficult.
This is where technology can be invaluable. For instance, data engines can be set up to apply the firm’s retention policies and authorization requirements automatically. Workflow processes can be implemented, and simple interfaces can bring all matter information together in one place to make the review process much easier. These tools can be a huge help in ensuring that the firm’s important data disposition actually gets done.
To find out more join the LegalRM team for an ILTA Product Briefing where we will be discussing how to keep up and remain compliant with data privacy legislation and the strategies and tools available to streamline the review cycle when assets are spread across multiple repositories. Click here to register.