How to develop a records inventory, take special care to review and understand where and how electronically stored information (“ESI”) sits on any client’s systems. This process (often referred to as “data mapping”) may be performed by in-house IT personnel with or without assistance from outside consultants. In-house counsel also should be involved to help flag specific types of high-priority ESI that may have been the subject of prior discovery demands.
Through this process, you should be able to identify:
•The locations of ESI
•Who is responsible for ESI
•Which employees and staff interact with ESI systems
•External systems and storage locations
•Employee interactions that affect ESI, such as the ability of employees to save their emails locally
•Existing active data retention policies
•Existing back-up data retention policies
Examine Legal and Regulatory Retention Requirements
Once you develop a records inventory, consult federal, state, and local law to determine what (if any) minimum document retention periods cover each category of records. Governing law will vary depending on the client’s business and industry, but some examples include:
•Sarbanes-Oxley Act of 2002 (116 Stat. 745)
•Consumer Product Safety Act (86 Stat. 1207)
•Fair Labor Standards Act of 1938 (52 Stat. 1060)
•Federal tax law
Also be sure to consult any international law requirements if these apply to your client’s business.