Understanding What Document Retention Is
Document retention policies are CRITICAL in law firms for a number of reasons. They directly affect the manner in which legal services are provided, who is providing the services and the cost structure of those services. There are serious legal consequences associated with having no policy in place or failing to develop one properly.
A proper document retention policy will certainly minimize the firms risk, not only to clients but to itself. It is generally well established that the legal community enjoys a certain degree of immunity from lawsuits, but document retention exposes the firm to the potential such claims are not properly protected. That is not good for business.
Many law firms do not give much consideration to the development of a policy because they do not believe it necessary. Doing so is shortsighted. The policy can serve as the firm’s roadmap for record keeping . In that regard a retention policy provides the assistance needed to assure the necessary paperwork, forms, and files are available for processing client work. The absence of that roadmap creates disarray and increases the risk of errors over something so simple as submitting the wrong form to court or missing a filing date. It also results in clients’ paying more than necessary for services. It may even result in court sanctions.
If a litigation arises because of an error, the firm’s insurance coverage can be impacted as well.
Document retention policies serve to provide the basic records firms need to practice law and to manage the business side of the practice. It is presumed that the client has already provided the raw material, as it were, but the retention policy assures that the complete picture can be drawn from multiple sources of information and that it is not just being stored but used.
Essential Elements of a Retention Policy
The cornerstone of any document retention policy is a clearly stated retention schedule. Emphasizing the importance of this tool, Robert D. Brownstone in "Best Practices for Legal Tech and Legal Information Professionals" observed that "a good retention policy should contain a single retention schedule for all documents," which delineates the times by which each category of document is to be destroyed. Such a schedule is usually part of a larger plan, which lays out the firm’s objectives, procedures, terms and definitions. For example, the firm should specifically identify the categories of records it maintains, such as client files, engagement agreements, time slips, bills or service provider agreements.
The firm may wish to retain records through multiple periods (e.g., seven years in storage, 10 years in electronic format, etc.) or to portion records to various departments. A general schedule is acceptable so long as it captures the main categories of records.
A record retention policy should include these key elements:
Retention period: Specify when the firm may destroy a record. The retention schedule must be reasonable and commensurate with the firm’s business needs and legal obligations. As a rule of thumb, all critical legal and financial records, such as tax records and loan documents, should be retained for a minimum of seven years. And in the case of client master cards, time records, bills and records associated with antecedent events, the firm must keep these records seven years after the closing of the file or seven years after the last bill. (42 Code of Federal Regulations. The Privacy Rule requires covered entities to retain the HIPAA-required documentation for six years from the date of creation or the date when it was last in effect, whichever is later.)
Document types: The firm must identify key categories of records (e.g., letters, memoranda, contracts, correspondence, pleadings, time sheets, bills, e-mails, etc.), the person responsible for managing the records and how they are organized and filed.
Destruction of documents: In addition to setting the details for archiving the firm’s records, the document retention policy should require the firm to destroy old records because, under federal law, personal information must be destroyed once it is no longer needed. Failure to do so could result in liability from privacy breaches. To protect client privacy, the firm should lay down proper disposal methods, such as shredding or pulverizing confidential documents. For all the firm’s old electronic records, the policy should state the destruction mechanism and how it should be safeguarded.
Legal Mandates for Retention Policies
Before outlining best practices, it is useful to first understand how your legal obligations are determined. Legal obligations are derived from legal statutes and regulations, judicial precedents and administrative agency rules that apply to lawyers in your state. A number of these statutory provisions work together to create the legal environment in which you operate. In particular, each state has disciplinary rules of professional conduct (the DRPC) that impose obligations on lawyers within that state. The DRPC varies somewhat from state to state but generally states that lawyers have an obligation to "provide competent representation" to their clients. Comments to the DRPC make clear that part of this obligation is to reasonably supervise staff and to protect against unauthorized access to data. Therefore, to avoid ethics violations, it is important that lawyers take all reasonable measures to protect the confidentiality and integrity of information about clients it receives from clients, employees, and everyone else.
The American Bar Association has created "Standards for Privacy of Personal Information of Clients," which is an excellent guideline of best practices for protecting confidentiality. State bar associations will also provide guidelines for best practices in legal document retention.
As noted above, many laws regulate the storage and retention of documents. These laws will vary by state. Some of the more important rules may include record retention and transmittal of files per the statutory requirements under ERISA (30 years); Client files that contain tax returns, sensitive financial information, or any other materials that are considered confidential should be retained indefinitely as per the IRS; and Client files under Federal Rules of Civil Procedure – Rule 26 (all client files are subject to a 5-year statute of limitations). These are federal requirements. For state requirements, please check with your state bar. For example state of MA requires electronic records to be stored for up to 60 years.
Making and Implementing a Retention Policy
Establishing an effective and compliant document retention policy begins with the development of a practical plan. In this section, we review general steps for developing a plan that will work for any law firm.
Although this article does not delve into implementation details, it is critical for a law firm to implement its policy in a way that’s convenient and useful to the firm’s staff. A variety of policies, from those that seek to be exhaustive to those that address only the most obvious documents, are represented in the document retention landscape. The key is finding the balance that works for the firm involved.
Training has been found to be the best way to educate employees about records management practices. Employee training should be supplemented by easily accessible written materials and co-branded newsletters. For example , the written materials can be easily distributed via the Internet and e-mail, suggesting the use of materials to other firms that have similar needs. Publishing references such as selective bibliographies (for instance, a review of professional and trade publications on records management) also can help bring records management issues to the attention of the relevant groups. Experts recommend periodic refresher training when new laws or regulations make earlier guidelines obsolete or when new statutes or regulations become law.
Challenges in Document Retention
A top concern of law firms in managing documents and information is determining what to keep and what can be disposed of safely, particularly with growing compliance pressures around Kafkaesque requirements for enormous amounts of data and information. Firms need to educate employees about the importance and implications of proper retention, and enforce the policy at high level of detail as well as big picture. Law firms can fall prey to so-called "migratory madness" when old document retention policies grow lost in an ecosystem of newer ones. That, combined with a habit of keeping everything, ties up space and resources, increases risk and limits efficiencies. Underutilized software can fill the gap by cross-referencing the old and new policy but also tracking exceptions on an ongoing basis to identify the root cause of why others are unable to take the hint and comply. Firms will need legally defensible systems of destruction, tracking and archiving. That’s easier said than done, which is why you should look for supporting services such as outsourced administration, security, offsite shredding and cloud-based systems of record. Technologies such as automated age management and storage optimization will aid compliance.
Updating and Revising Your Policy
For many law firms, the most important policy is their document retention policy. Each year, they review the policy and reissue it. However, instead of just issuing the same retention policy year after year, each firm should revising their retention policy to reflect changes in regulations, laws, client requests, best practices, etc.
It is easy to say that the retention policy does not need to be reviewed because nothing has changed. But if that is the case , then it was a bad decision to establish a retention period that does not look at changes to regulations or laws or at best practices. Every law firm should look at their entire retention schedule at least every other year and consider whether the policy needs updating to reflect changes in the law or best practices. If no changes are made to the retention policy, it may lead external viewers to question whether the policy is truly being followed.