Information Request
 
DRC News
   
Industry News

Guidelines For Electronic Record Retention

Various governmental and regulatory bodies have established or are continuing to work on standards and regulations for the treatment of electronic data pertaining to computer generated information and imaged source documents and records. While these standards are evolving, one thing is very clear. The treatment of documents and records is a key component of compliance and legal business practice in virtually every industry in North America , and in the European Union. The fast pace of changing technology has created the need  for the development of standards, policies and practices to address the capture, storage and use of electronic "documents"  and records in order to comply with legislation and to minimize corporate risk. While many issues remain related to technology including multi-vendor compatibility, evolving storage and media formats, data translation and media degradation, there are both general and specific guidelines for electronic record retention.

The passing in Canada of the Personal Information Protection and Electronic Documents Act (PIPEDA) provided adequate legal and regulatory grounds for the acceptance of electronic records as evidence. Satisfaction of legal and regulatory requirements for corporate business records being accepted as evidence now requires that an entity provide proof of "the integrity of its electronic record system". Responsible records management is now an organizational imperative and good business continuity and corporate risk management.

The passing in the U.S.A. of the Sarbanes-Oxley Act reinforces the reality that any paper or electronic data management program should garner top priority for corporate leadership and corporate governance. The Securities and Exchange Commission published its views on Electronic Storage of Broker-Dealer Records effective May 12, 2003. SEC [Release No. 34-47806] Broker-dealers are allowed to preserve records on "electronic storage media". Rule 17a-4 defines that term as "any digital storage medium or system". This interpretation clarifies that broker-dealers may employ a storage system that prevents alteration or erasure of the records for their required retention period. However, it also makes clear that the ability to overwrite or erase records in a system controlled by integrated codes and passwords alone does not make them compliant. This contrasts with optical platters, CD-ROM's and DVD's that feature digital information permanently written and that can never be changed or deleted. Rule 17a-3 requires broker-dealers to create certain records, including trade blotters, asset and liability ledgers, income ledgers, customer account ledgers, securities records, order tickets, trade confirmations, trial balances and various employment related documents and Rule 17a-4 specifies the manner in which these records must be maintained.

Corporate Governance

The following guidelines should be considered when developing and maintaining rules for record retention and reference archiving:

  1. Make electronic-data and paper-based document management a business initiative, supported by corporate leadership in the form of a corporate governance sub-committee.
  2. Maintain records of all types of hardware and software that are in use and the locations of all electronic data.
  3. Create a business records and document review, retention and destruction policy, which includes consideration of backup and archival procedures, up-to-date evidentiary standards, content integrity, document reproduction tests, online storage repositories, record custodians and a destroyed documents "log book."
  4. Create an employee technology use program, including procedures for written communication protocols, data security, employee electronic data storage and employee termination/transfer.
  5. Clearly document your corporate data retention polices in a record procedures manual.
  6. Document all ways in which data can be transferred to or from the company.
  7. Regularly train employees on the company's data-retention policies.
  8. Implement a litigation response team, comprised of outside counsel, compliance staff, corporate counsel, the human resources department, business line managers and IT staff, that can quickly update or amend document-destruction policies.
  9. Be aware of electronic "footprints" - delete does not always mean delete, and meta-data is a fertile source of information and evidence.
  10. Cease formal document destruction policies at the first notice of a regulatory investigation, suit or reasonable anticipation of suit. Note, the subject or topic of an investigation or suit may reside on any business records, data file or reference archive.

Finally, make a practice of conducting routine audits of policies and procedures, compliance assessments and enforce violations.

DRC provides additional measures of insurance against the uncertainties of digital only storage strategies. DRC utilizes a proven processes and media for meeting requirements for compliant storage and archival longevity. For further information see Digital Preservation on Under Services.

 
Electronic Record Retention
 
Home | About DRC | News | Solutions | Services | Products | Industry Links | Contact | Site Map | Privacy Policy
Copyright ©2005 Data Repro Com Ltd. All Rights Reserved. Site Design & Development: Imagination Plus