The new federal rules on electronic discovery make having a comprehensive document retention policy even more important than before. In an audio conference hosted by BLR, attorneys Jeffrey D. Neuburger and W. Lawrence Wescott II outlined what employers need to do when it comes to storing and retaining HR records.
Document Retention Policies
The presenters emphasized the importance of having a record retention policy, and offered the following tips for creating such a policy:
Account for any applicable state and federal recordkeeping laws.
Provide for disciplinary action against employees who violate the policy.
Tailor the policy to business needs and the types of records that are created.
It is important that the policy is not only implemented, but enforced. Employers should train their employees on the policy periodically and conduct audits to make sure that all employees are complying with the policy. Employers also should discipline employees who violate the policy.
Document Retention and Litigation
The importance of having a document retention policy is especially revealed in litigation. Courts generally have not penalized employers for not having relevant documents that have been deleted under a consistently enforced document retention policy. In addition, the Federal Rules of Civil Procedure, which govern how cases in federal court are run, provide a "safe harbor" for documents that are lost due to a consistently enforced document retention policy.
However, employers cannot hide behind a document retention policy in all situations. Under the federal rules, employers must preserve "electronically stored information" (ESI) once the employer reasonably anticipates litigation or face sanctions from the courts. This can happen even before a lawsuit is filed, for instance, if an employee has complained to Human Resources. If this is the case, employers should take the following steps immediately, or face the possibility of court-ordered sanctions:
- Issue a "litigation hold" ordering that all routine disposal of ESI under a document retention policy be stopped and instructing all employees involved in the dispute to keep all relevant documents.
- The litigation hold must be issued by a high level executive and be periodically reissued.
Provide backup tapes to employees who may get nervous and start deleting data.
Discovery Issues and Electronic Records
The definition of ESI is continually expanding under the federal rules as new technologies are developed. This means that IT departments are more important than ever in helping employers comply with their discovery obligations during a lawsuit. It is vital that there is open communication regarding what documents need to be kept for purposes of discovery between IT, human resources, and attorneys. It is also important that employers can establish a chain of custody since ESI is so easy to alter.
Training is key to making sure that relevant documents are maintained. Employers must train their employees not to "hit the delete key" to get rid of those documents they think may be incriminating. While most documents can be found through forensics or other methods, deleting records gives the impression that the document is bad for the employer when it may be completely neutral. In addition, purging documents may also lead to sanctions.
Storing and Protecting Records
HR records must be stored separately from other company records, whether they are kept electronically or in paper form. Only those employees who need access to the records to perform their jobs should have access to HR records. This is especially true since one of the biggest risks today for identity theft is unauthorized access by employees to confidential information.
The presenters offered a few tips for storing HR records:
- Make sure that key stakeholders are involved in the design of your system, such as top level executives, human resources staff, and the IT department.
- Maintain the records in a way that is consistent with other policies.
- Institute robust security features.
- Interface HR records into your record retention policy.
- Train all employees on record retention policy and procedures and monitor compliance.
Identity Theft and Document Retention
Thirty-nine states now have laws requiring employers to give notice to affected residents in the event of a security breach. This is important in the context of HR records because these records often contain the personal information these laws aim to protect.
Providing notice under these security breach laws is both time consuming and expensive. One way employers can help prevent identity theft and unauthorized access to confidential records is encryption software. Many state security breach laws provide an exception for records that have been encrypted, or rendered unreadable. The cost of purchasing and installing this type of software may save employers many headaches down the road.
No comments:
Post a Comment