Electronic Document Management

This publication is produced on the understanding that the author and editor are not responsible for the consequence of any actions taken on the basis of information in this work nor for any errors or omissions. CSNZ, the author and editor expressly disclaim all and any liability to any person, whether a purchaser of this publication or not, in respect of anything done and of the consequence of anything done or omitted to be done by any such person in reliance, whether whole or partial, upon the whole or any part of the contents of this publication.

No part of this work covered by copyright may be reproduced or copied in any form or by any means (graphic, electronic or mechanical, including photocopying, recording tape, or information and retrieval systems) without the written permission of the Author

PART I Principles and Strategies

PART II Roles and Responsibilities

Appendices

Electronic Document Management

Introduction

In introducing an electronic document management system, combining records management principles with practical advice on the implementation of the necessary records management procedures and information technology support, these guidelines will outline the issues to be addressed.

The Enron and Arthur Anderson,[1] cases raise issues of records retention. Disney, State Farm Insurance and Prudential Insurance have all suffered serious public injury because of records control blunders.[2] These are high profile cases, but they are not the only cases where a lack of due diligence in records management has caused serious corporate damage. Worldcom, Adelphia, Xerox, Martha Stewart, and Tyco all illustrate the damage poor record controls can cause corporates.

With the recent news of deliberate document destruction aimed to deceive at Enron and emails that have been discovered in high profile cases such as Microsoft vs. Department of Justice, document retention seems to be the hot issue.

The proper and by far the best way for the U.S. Federal Government agents to have handled Enron would have been to have sent in agents to seize hard drives and filing cabinets rather than giving corporate executives months to destroy everything and anything.

In the Netscape fiasco Microsoft subpoenaed the history of every email to an employee complaint newsgroup. In that case Netscape had no legal duty to maintain backups and records of every posting but because they made the mistake of not deleting them regularly so suddenly they were required to provide them and were then barred from destroying them. It is an odd situation when there is no legal requirement to archive information, but if someone asks for it then suddenly it becomes legally protected and you have to defend and explain the context of every message and every word. Of course many will say something now and then that can be taken out of context or said in the heat of passion but want to back down from later.

Many companies discourage archiving seemingly trivial things such as emails which can surface later and cause a problem. Microsoft didn’t have such a policy during their recent litigation. The sad part about this is that Microsoft technology makes archiving all too easy

Many companies have record control policies in place but have no system to make sure that records actually are retained for a period then non-selectively disposed of in accordance with established and intended company policy. It is often surprising to find that carefully crafted policies provide no protection because company management learns that policies are not complied with. In no other legally sensitive area would routine and systemic violation of critical corporate policy be tolerated.

In the case of Prudential Insurance [3] where there was a non-deliberate inconsistency with written policy and the retention schedule for documents the court found that their non-compliant records destruction whilst not deliberate was of sufficient seriousness to fine them US$1 million. When in doubt courts focus on actual practices, rather than policies.

With the scandal at Worldcom on the heels of energy trader Enron Corp political fires were fanned which led to and will continue to lead to legislation designed to make it harder for executives to deceive investors. The new SEC dictate passed will require CEO’s to swear on oath as to the accuracy of board information passed to the SEC or face prison time if they are not. The gentle self policing of the old SEC regime is dead and gone.

Enron is a good example, management there knew they were destroying the evidence and they knew they were perpetrating a fraud against their investors. Destruction of the documents could mean, as is usual, that small investors suffer and any executives involved walk away due to lack of evidence. However, the fallout from the Enron case suggests that Messrs Sullivan, Ebbers and Myers, senior Worldcom executive may actually feel the full wrath of the law.

Worldcom’s auditors were the now disgraced Arthur Anderson which had already been found guilty of obstructing justice by shredding documents relating to its audit of Enron. Arthur Anderson officials admitted its employees destroyed documents related to its audit of Enron’s books. In early October 2001 they reminded staff going through Enron’s books of the policy of destroying documents, not part of the final audit. A letter to Enron’s chairman from an employee warning of their ‘accounting problems’ was found amongst the thousands of documents that the US Energy and Commerce Committee combed through as part of their investigation.

There is a heightened public concern that the balance sheets of corporate America and Wall Street have concentrated on maximising profits with little concern for the broader context of ethical concerns and social responsibility, this raises a huge question of corporate morality and disclosure.[4] A recent survey[5] found that more than half of corporate chief financial officers said they had been pressured by their bosses to cook the books, if not a full boil then at least to a simmer.

Once worshipped as heroes, nowadays CEO’s are being grilled by their boards. Trust in CEO’s has fallen “It’s as if we have given the CEOS weapons of mass destruction – at least economically. The companies they run are bigger than ever. When something happens, thousands can lose their jobs”[6] In the USA the issue of combining the CEO and Board Chairman’s roles has not helped in the promotion of good governance.

Now they are the corporate bad guys of the 21^st century. Respect will surely return to the CEO job some day but for now CEO’s are struggling to come to grips with their trustworthiness being compared to that of used car and real estate salesmen and politicians. They raid company coffers to pay off margin calls or build mansions; awash with stock options they manage the stock price instead of the company and as the business falls into bankruptcy they float away on their golden parachutes or yachts bought with company loans.

With risks up and rewards down, its little wonder that candidates for CEO roles now hire outside consultants to pore over the books of prospective employers looking for financial landmines; just as directors now pore over the details of new business deals and grill the CEO with ‘micro-questions’ and when it is finalized will go through it all again.

Evidence isn’t just for courts. Many regulatory bodies require records kept by organizations as evidence of activity that they wish to control or oversee. If you are concerned about destroying your documents so that the Ministry of Justice/or whatever regulator can’t get hold of them then your company has problems: problems that will catch up on you eventually, regardless of destruction of evidence or not.

If you knowingly destroy evidence of a crime, even on someone else’s orders, you have committed obstruction of justice and possibly conspiracy to obstruct justice. Those crimes were what the Watergate conspirators were jailed for.

If you don’t check with the lawyers on what information is and what it relates to, you could be held liable for obstructing justice.

The Electronic Transactions Act 2002(the ET Act)

This legislation closely follows the 1996 Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law (UNCITRAL) and the 1999 Australian Electronic Transaction Act 1999 (Commonwealth). The objectives of the ET Act include the reduction of compliance and transaction costs for business, the removal of legislative impediments to dealing with the government electronically and promoting consistency in New Zealand law and between New Zealand business and our major trading partners, particularly Australia.

It should be noted that the ET Act does not come fully into force until a date appointed by the Governor General by order in council. This is unlikely until regulations are passed under the Act to specify what particular technologies or services meet the requisite test of functional equivalence. Regulatory powers are also provided in the ET Act to deal with amongst other things electronic communication substitutes for forms and filing timetable requirements of any enactments.

It should also be noted that the ET Act is facilitative only. Under its current terms it will not require anyone to use electronic technology for any purpose without their consent. Under section 16 of the ET Act such consent may be given subject to conditions as to the form or means providing delivering or storing the information electronically though such consent can be inferred from a person’s conduct.

The ET Act aims to provide a clear legal framework granting electronic records and digital signatures the same legal recognition as their paper based counterparts in order to promote and facilitate the development of e-business in New Zealand.

Being technology neutral the ET Act has the advantage of long-term applicability. The ET Act excludes a number of enactments or parts of those enactments from its scope in situations where it is considered that the use of electronic technology to effect the requirement is inappropriate. Those situations are generally described below. However, with a fast changing technological environment and through developments in practice with respect to electronic transactions the need for exclusions will change over time The ET Act encourages government departments to review whether the signature requirements of law administered by their departments can be removed to facilitate electronic transactions.. Section 14(3) permits regulations to be made amending, repealing and replacing the scheduled exclusions.

The Act addresses the paper-based requirements of writing, signing, recording, retention and production of information and applies (subject to exceptions in any specific legislation and to the scheduled exclusions) to every enactment that is part of the law of New Zealand.

There are a number of contexts where it would not be appropriate to use electronic technology. These fall into six broad categories:

It is to these contexts that the scheduled exclusions generally apply. Matters which are exempt from satisfaction of writing or signature requirements by electronic means on a generic basis are wills, trusts, power of attorney, oaths, affidavits, statutory declarations, and similar formal situations. Notwithstanding technological advancement and social changes, there is still a practical need to retain these exceptions because of the need for formality in execution and the complexity involved.

The Law Commission has prepared a draft Evidence Code which it recommends should replace the 1908 Evidence Act and its various amendments. The proposed Code specifically addresses the production of electronically generated evidence in judicial proceedings. The Evidence Bill to implement the Evidence Code has been approved for the future legislative programme.

Within the general legal system many dealings already occur electronically as for example in the context of civil and criminal proceedings. The ET Act specifically confirms the position where courts and tribunals use electronic methods of communication having changed their rules or issued guidelines for their application. This covers jurisdictions involving the Court of Appeal, the High and District Courts, Family and Youth Courts, Disputes and Land Valuation Tribunals, the Maori Appellate and Land Courts, Customs, Quota, Refugee Status, and Social Security Appeal Authorities, the Environment Court, the Waitangi Tribunal and many other quasi-judicial bodies such as professional disciplinary tribunals.

Part I sets out that the purpose of the Act as generally described above and notes that the ET Act binds the Crown.

Part II deals with improving certainty in relation to electronic information and electronic communication by addressing the issues of validity and the time and place of dispatch and receipt.

The time at which a communication is sent or received, and the place from where it is sent or received, may be important for legal reasons. Given the potential for confusion as to the time and place of dispatch and receipt of such communications. Default rules are contained in sections 10 to 13 of the ET Act similar to those found in the 1999 Australian Electronic Transaction Act and based on article 15 of UNCITRAL Model Law on Electronic Commerce. Such default rules do not impose higher standards for electronic methods than for paper based methods of communication. They apply to any electronic communication except where the parties to it otherwise agree or the law provides otherwise. These rules do not it must be noted determine whether or not a contract has been formed. Such issues are dealt with under the general law of contract.

In the case of the time of dispatch the electronic communication is taken to be dispatched at the time the electronic communication first enters an information system outside the control of the originator. Electronic communication is taken to be received at the time it enters the information system that the addressee has designated for the purpose of receiving electronic communication or in any other case when it comes to the notice of the addressee.

The place of dispatch is taken to be the originator’s place of business or where there is more than one the place of business with the closest relationship with the underlying transaction, or if there is not one the originator’s principal place of business. In the case of an originator who does not have a place of business then it is taken to be dispatched from the originator’s ordinary place of residence. The place of receipt on the other hand is taken to be at the addressee’s places of business or residence as the case may be similarly described.

Part III deals at length with the application of legal requirements to electronic transactions and the satisfaction of those legal requirements through use of electronic technology, the question of consent to of use of technology and what constitutes maintenance of the integrity of information for the purposes of this part of the Act. In the latter case integrity of the information is maintained if it remains complete and unaltered other than by endorsement or immaterial change in the normal course.

The term ‘legal requirement’ in this context means a statutory or other legal requirement that needs to be satisfied by being recorded or given ‘in writing’ or requires a ‘signature’ or perhaps a ‘common seal’.

An ‘In writing’ requirement

may now be met by electronic means provided the information is readily accessible so as to be useable for subsequent reference and ,in the case of giving information, the recipient has consented to receipt in electronic form.

Signature requirements

An ‘electronic signature’ is defined in the ET Act with reference to information in electronic form as a ‘method used to identify a person and to indicate that person’s approval of that information’.

Section 22 of the ET Act provides that the legal requirement for a signature, other than a witness signature, is met by means of an electronic signature if

· if the person receiving the electronic signature consents to the receipt of an electronic signature

Section 23 provides subject to the consent of the other party the legal requirement for a signature or seal to be witnessed is met by means of an electronic signature if

There is a statutory presumption (section 24) about the reliability of electronic signatures for the purposes of sections 22 and23 where it is presumed that an electronic signature is as reliable as is appropriate if

It may be seen that in this area the use of the regulatory powers under the ET Act will provide guidance as to what will be acceptable means of recording or sending information ‘in writing’ for the purposes of the Act and no doubt will impact on what is acceptable technology to satisfy the ‘signature’ tests and related authentication needs of relevant parties.

Where the signature requirement has to be maintained, it is now necessary to consider whether legal recognition should be extended to cover other forms of electronic signatures. Meaning?

The use of personal identification numbers (PINs) as an authentication means should be investigated under the E T Act. Commonly used in banking transactions and in some overseas e-government transactions, eg filing of tax returns in Australia, the UK, US and Singapore. The use of PINs for authentication has been widely tested in many various market applications. With proper management, PINs can be considered for acceptance as a basic form of electronic signature where the level of security offered is commensurate with the risk.

Certification of signatures as in Hong Kong could also be used where a digital signature satisfies the legal signatory requirements when supported by a recognized certificate from recognized certification authorities.

Retention requirements

Section 25 provides that a legal requirement to retain information that is in paper or other non-electronic form is met by retaining an electronic form of the information if

To avoid any doubt, if the information is retained in electronic form in accordance with section 25 the paper or other non-electronic form of that information need not be retained in order to meet the legal requirement.

Section 26 deals with a legal requirement to retain information that is in electronic form. Such a requirement is met by retaining the information

In addition to the conditions contained in section 26, if a person is required to retain information that is contained in an electronic communication

Provision and production of, and access to, information (sections 25 to 31 inclusive)

A legal requirement to provide or produce information that is in paper or other non-electronic form is met by providing or producing the information in electronic form whether by means of an electronic communication or otherwise if

A legal requirement to provide or produce information that is in electronic form is met by providing or producing the information

The legal requirement to provide access to information that is in paper or other non-electronic form is met by providing access to information in an electronic form if

The legal requirement to provide access to information that is in electronic form is met by providing access to the information

Originals (section 32)

A legal requirement to compare a document with an original document may be met by comparing that document with an electronic form of the original document with an electronic form of the original document if the electronic form readily assures the maintenance of the integrity of the document.

Why Would A Company Want To Keep/Destroy Documents?

1. There are so many documents in a company and not all these documents are to the long-term benefit of the company, even if the creator/receiver believes so. Without examining each document, you cannot know which are benign and which are damaging

3. If the company destroys only selected documents, possibly damaging information, that appears suspicious to the auditor, regulator or other outsider

It would not seem unusual to expect that as a result of our friends at Arthur Anderson we are going to see major changes in the way laws affect some of these areas.

Some people argue that the purpose of a document retention strategy is not to keep documents but to make sure they get destroyed according to policy before someone from outside the company can use them against it. Other people argue that documents should be retained for the amount of time it takes to walk from your desk to the shredder.

The big issues seem to be backups and documents stored on desktop and laptop computers. Casually worded emails about sensitive subjects are forwarded and re-forwarded until multiple copies exist in numerous locations. Would you want email server backup tapes containing possibly sensitive materials from two years ago to be found.

Tone At The Top

If you saved a message from the boss that said ‘Screw this client and don’t tell him about this problem”, you may have cost the company a bundle. But, if you get an email message from your boss saying ‘screw the client…’ you better make sure that you do keep it. If you don’t, with no documentation pointing upstream, you are now the sacrificial lamb. Don’t think that if a boss is willing to ‘screw the client’ he or she would treat YOU differently

Better still, if the action your boss proposes is illegal, not only should you keep several copies at home and at work, but you may wish to blow the whistle yourself. One senior manager who got burned two years ago in the usual ‘You said this…’ ‘No that isn’t what I said’ acrimony that goes on in every office, now has 6Gb in her Outlook.pst file.

In the US financial sector the Securities and Exchange Commission mandated time frames for document registration as well as strict disposal regimes. Like many businessmen President George W, Bush too has skirted regulations previously overlooked documents and new research[7] shows that George W. Bush repeatedly missed federally mandated deadlines for filing documents with the SEC, insiders who repeatedly fail to file on time risk rebuke or thousands of dollars in fines – or even jail time, in rare cases, yet nothing happened to Bush. The SEC investigated the transaction and did not challenge Bush’s claim that he had no idea that Harken [a Texas oil Company] was in trouble – and that if he had he would never have dumped his shares. But SEC records recently released under the US Freedom of Information Act show Bush had been warned that the company was in financial peril at least twice during the very month he cashed out. There were always, it seemed, men with deep pockets or friendly faces – including at the SEC, where a friend of his father’s was chairman and their general counsel once served as Bush’s private lawyer. When Harken Energy’s fortunes changed with plummeting oil prices the company was doing so poorly and its books such a jumble that the SEC decided to launch a probe into Harken’s accouting practices. Bush’s suspicious share sale triggered another avenue of investigation into possible insider trading.

Documents from both arms of the investigation raised more questions than they answered.[8] “In the corporate world” bush declared when recently[9] pressed about how Harken Energy had hidden losses while he was on its board, “sometimes things aren’t exactly black and white when it comes to accounting procedures” A defense that only an Arthur Andersen executive could like.

Bush sold more than 200,000 Harken Energy shares just a few months before they lost 75% of their value. The Wall Street Journal brought Bush’s eight month delay in reporting the transaction to public light. But what was not brought to light until recently by the CPI was that it was not an isolated incident. Between the time he joined the board of Harken and the start of the SEC probe, he made four Harken share transactions and was at least three and a half months past due each time in his SEC reporting. These deadlines are not merely a matter of bureaucratic house keeping. Missing them is illegal, because any delay of course conceals from investors information about the faith the company’s leaders have in their enterprise – information that can move a markets.

Investigations concluded at the time he sold his stock in the June of 1990 he was aware that the company expected to be in the red, but only by $4.2million and that he could not and did not forsee the $23million loss actually reported in the August of 1990. However a 7 June memo from Harken’s CEO to Bush predicted that sometime before the end of the month that they would run out of cash and be in violation of a “numerous” debt agreements.

Of course despite the evidence of the memo that Bush was well appraised of Harken’s dire position at the time he dumped his shares, his colleagues told the SEC that it was possible that he never actually read the memo? The problem he had with the SEC was perhaps sloppiness and THAT memo of 7 June that like the proverbial bad penny turned up in the SEC probe.[10]

So when you are running for president, or any position for that matter, on a platform of restoring broken faith and tout yourself as a model of the American dream, your business dealing invite closer scrutiny.

But if you run your business honestly, do you really have to keep your documents forever to prove it?

Calculate the risk, legal and other costs involved in destroying records against the cost of retention; and plan your imaging protocols accordingly.

If you are in doubt about your action or decision, think about whether you would be embarrassed to see that document reproduced in a newspaper like the Harken memo of 7 June?

Necessity For Infrastructure To Restore Data

The legality of microfilm[11] as evidence is well established[12] to ensure procedures comply with international accepted practice. An inexpensive duplicate film held away from the main file ensures total protection from loss of records. Businesses have survived serious fires only because duplicate copies of their vital files were available on such security files.

In order for a scanned image of a document to stand a chance of being legally admissible in court it must be proven beyond reasonable doubt that the scanned image is an exact copy of the original and it has not been or been capable of being tampered with in any way. The first move to ensure the legality of archived records management was microfilm archive standards and where these are applied to electronic document management courts should find the acceptable.

Scanning documents (bills etc) into the computer as they are received is a worth instituting as from that point, the paper copy can be thrown away as the electronic copy in a JPEG format on a WORM disc is sufficiently unalterable to be official. [13] At the end of each moth these files are burned to two CDs making for easy storage – on of which is held off site.

The naked eye and a magnifying glass allow microfilm to be read. However the main problem with the advent of electronically made and imaged documents is that they may not readable without machines to interpret or read them.

It is essential that you ensure you retain the infrastructure to restore stored data. This may require keeping not just the software but the hardware too. In a recent high profile defamation case[14] in the High Court, New Zealand Legal Services Board were unable to provide information pre 1999 for this very reason.

In order for a scanned image of a document to stand a chance of being legally admissible in court it must be proved beyond reasonable doubt that the scanned image is in fact an exact copy of the original and that it has not been tampered with in any way.

Acceptance of the images as true and accurate by the owner should be demonstrated by means of certification, when the paper documents are destroyed a certificate of destruction should be issued, registered and maintained on the database or burned as a JPEG to your CD’s.

to convert the Netware/Groupwise/Win9 to WIN2000/Exchange/Win2000. On the surface this seemed a sensible idea because it wouldn’t change word type documents, but it will change the email and backup system. But if we look a little closer we find that this will make all of the old backup tapes unreadable.

Records management techniques to date have been addressed largely at paper files. Loss of information is the greatest single risk with imaging and distribution of documents.

The context of paper documents in a chronological file folder can tell a good deal about why the paper was prepared merely from the place it occupies in the file. The file folder itself, or the filing cabinet drawer in which it is kept all provide other contextual detail such as origin, circulation, use, importance etc i.e. the circumstances surrounding the record.

New big management issues relate to electronic data held as backups and documents on desktop or laptop computers.

The management of electronic information is concentrated, in the main, on backup and security. Consideration must be given to the actual management of the information.

The management of electronic information is an issue of good governance, some of the larger overseas organisations such as banks often have a board committee to steer this. Often it isn’t until some legal adverse consequences occur that a company looks into its policies and actual procedures as an integral part of risk management.

Bad documents can kill you

In many larger organisations, the IT Departments can spend hundreds of thousands of dollars per year to store the backups and logs that it wants to keep, however it would be an appalling waste of money and personnel to double that just to keep backups of information that would have never needed anyway. Also such records can be a huge liability to a company in the event of a lawsuit, even assuming there is no wrongdoing.

At a past client, email servers were torn down monthly, had replacement hard drives installed, and the server software reinstalled from scratch – importing email that were less than 30 days old. The old hard drives were shipped off to a destruction facility. All old servers had all media removed and shipped to the same facility. Any server or PC that was repurposed also had media replaced- again the old media was shipped off for destruction.

Avoid the legal and financial perils of mismanaging records that you may someday have to produce in litigation. Minimise potential liability or spoliation, benefit from properly retaining information.

Put A Document Management Strategy In Place

Due Diligence Issues

The ever increasing penetration of computer networks into all organisations has meant that more and more essential documents are not only being created and stored on computer but are being transmitted electronically within and between organisations, thus spending their entire lifetime in electronic formats.

For a large company, a document retention and destruction policy is a must, especially for legal reasons, but not just for the reasons always assumed. Every large company develops huge masses of information, and most of them back up that data to protect against short-term loss. However, most companies don’t want to keep information forever, so they destroy the old stuff to reduce storage need and to cut down on administrative costs associated with maintaining such records. If there is a well described and followed document retention policy which is adhered to a court will have no reasonable expectation that a company will still have documents that the policy marked for destruction. If on the other hand there is no policy (or it is badly enforced) this opens up an avenue for liability where the corporate controller says ‘we don’t have document X or Y because they were destroyed’. The judge may assume that this was done to hide something, or assumes they are lying, and punishes accordingly[16]. The policy can also limit the scope of a request from the prosecution. A document retention (and destruction) policy can force a judge to limit the scope of discovery, thereby reducing the workload in satisfying the discovery subpoena.

In a patent infringement suits,[17] just documenting and sorting the contents of a dozen employees’ hard drives, in order to determine what needs to be provided in discovery, can take a team of three people a week to go through everything to see what is covered under ‘all documents or materials relating to…’.

Many posit that as long as your run your business in a legitimate manner then you shouldn’t have to worry That is naïve! The well trained lawyer can take any document and manipulate the information to fit their needs. Add to that, information taken out of context can be given uneducated scrutiny by the press and the general public thereby resulting in a disaster.

The best policy is whatever your legal requirements are and that’s it. Destroy everything else. If you need a Document Retention policy for any reason other than reducing storage space, its time to check your ethics.

Some of us don’t have anything to hide, and so we don’t have a pressing need to make sure documents get destroyed in a timely fashion. On the other hand comprehensive records can be very helpful at some point to prove that you have nothing to hide, however having old documents taken out of context can be truly damning, and its just not worth the expense. Much better to destroy what could be used against you later.

This might all seem backwards. Destroying business records to get rid of evidence of

Accountability. Certainly there is a lot of stuff that isn’t bad, but the trouble is that it

Much of your retention policy must be based on the statutes in your area of business.

While it may seem a good idea to delete email after a few weeks, the record of your conversations can also be a lifesaver in contract disputes, where verbal or emailed agreements outside of the contract documents are considered part of the contract. Depending on court, and jurisdiction, email can be given the same weight as facsimile conversations.

If a company is putting things in writing that could come back and haunt it at a later date, then that company’s behaviour is unethical at the very best. If you decide to put something damaging in writing then think again.

Just there are those who believe in conducting themselves ethically and on the Judeo Christian standard of ‘do unto others’ that there are just as many foolish people in positions of power who will continue to document their wrongdoing. If the penalties for obstruction of justice are less than that of the crime being committed then is it a good idea to destroy them immediately? It’s just not legal to.

Taking “Top Secret” Seriously

All highly confidential documents should be seeded[18] to ensure that any unauthorised dissemination can be traced the source.

In the military forces documents are either shredded using a multi-stage shredder or by incineration. Having seen some of the shredders that large companies use, one can wonder why they even bother when their documents can still be easily reassembled.

The US Army uses a system called MARKS (Modern Army Record Keeping System) that includes destruction procedures. Every record within MARKS is supposed to have a disposition that indicates when it is to be destroyed. The system is designed so there is no ambiguity about when to destroy the file. Any half-awake clerk can follow the instructions. Usually the person creating the document knows its proper scope, and can specify the disposition

Document Day

It may seem illegal but this is common practice in large companies and especially financial institutions. We are not talking about shredding documents to hide evidence, but shredding documents so that they cannot be used against you later on.

As discussed earlier the purpose of a document retention policy is not to keep documents but to make sure they get destroyed according to policy. Records control is a strategic line of defense – from any inference that an organisation selectively retains or destroys records to obstruct justice, audit etc

The three primary risks are - The risk of not being able to produce needed records

The real reason to have a retention schedule is so the company canput it into practice and achieve records retention and destruction consistency so that if you have a good retention schedule you can easily substantiate why a document no longer exists.

Even if your company operates completely within the law there is still reason to worry about old documents coming back to haunt your business. Run your business honestly and keep the records to prove it? Still better, run your business honestly and have a consistently applied retention AND destruction policy.

Other Useful Sources

In the southern hemisphere we can turn to the Australian Standard for Records Management AS4390 [February 1996] included in the New Zealand Ministry of Justice publication ‘Managing your Information; Justice Sector Information Management Policy Guidebook’ [P Fogarty (ed) July 1997]

Courts and official inquiries in New Zealand have and continue to use electronic systems for presenting evidence

The British Standards Institute Code of Practice for Legal Admissibility of Information Standards on Electronic Document Management Systems [PD 0008]

Appendix I – Document Management Strategy[19]

Improving Electronic Document Management

Foreword

Executive Summary

PART I Principles and Strategies

PART II – Roles and Responsibilities

PART III

o 11.7.6 Migration of objects from disk to other storage media (CD- ROM/ Magnetic cartridges etc)

Appendices

from the Australian Department of Defence, prepared by The IESC’s Electronic Data Management Subcommittee 1995

[1] Arthur Andersen, once one of the ‘big six’ have reached an agreement to settle all claims by or on behalf of Enron, including any claims by Enron’s bankruptcy estate, against Andersen Worldwide as well as reaching agreement with Enron’s Shareholders and Employees. Arthur Andersen has stated that its work for Worldcom complied with the SEC and professional standards at all times and plan to appeal its conviction which it says was based on flawed jury instructions and erroneous evidentiary rulings that precluded Andersen from presenting its entire defense.

[2] James, Meg. “Court Rulings Go Against Disney in Pooh Dispute” Los Angeles Times. Jan 18 2002

Brown, Ken; Hitt, Greg; Liesman, Steve; and Weil, Jonathan. “Anderson Fires Partner It Says Led Shredding of Documents” Wall Street Journal. Jan 16 2002

France, Mike and Osterlaand, Andrew. “State Farm. What’s Happening to the Good Neighbor?” Business Week. November 8, 1999

[3] Levy-Sachs, Rebecca; Miller, Gregory; Clayton, et al “Spoliation of Evidence: The trend to a New Tort”. Federation of Defence and Corporate Counsel Quarterly Winter 1999

[4] Schroth, R.J; Elliot, L. “How Companies Lie: Why Enron Is Just The Tip of the Iceberg”

[5] Gibbs, Nancy “Season of Mistrust” P.18, 22 July 2002, Time Magazine

[6] Brian Shapiro, Professor of Accounting, University of Minesota

[7] Center for Public Integrity [CPI]

[8] Saporito,B. “The Rap on Bush and Cheney”, The Wall Street Journal, 9 July 2002

[9] Ibid

[10] Bush himself was never questioned during the SEC probe which according to one former agency official was very strange.

[11] Refer Robertson Shaw “ The Disposal and Retention of Documents” CSNZ 5^th edition available from The Institute

[12] further guidance can be found in British Standards 6498 and DD 199

[13] Ibid Section 10.7

[14] Hall Vs Fourth Estate Holdings

[15] refer Appendix I. In introducing an electronic document management system, combining records management principles with practical advice on the implementation of the necessary records management procedures and information technology support, these guidelines in Appendix I will outline the issues that you need to address for a DMS and an electronic DMS

[16] as in the case of Prudential see footnote 2

[17] see Robertson Shaw Ibid Sect.8

[18] ‘seeding’ is the addition of a unique error in each copy of a document that allows the leaking of ANY document to be traced to the source of any leak.

[19] The following is a template or outline of the areas that should be addressed to establish organisational standards for the implementation of a Document Management Strategy project. Many of the template headings will be generic to all organisations. Your own organisation may require the inclusion of areas specific only to your organisation. This section is a guide only.