Jackie Marshall, SVP, IT Regulatory Compliance
In light of several lawsuits and following the Sarbanes-Oxley Act, the Federal Courts have decided to update their Electronic Discovery Rules (December 2006). The new Federal Rules of Civil Procedure (FRCP) affect litigation on the Federal level and failure to produce electronic documents could prove costly. Compliance will depend on the nature of your institution’s business. If you are subject to SEC regulation or if you are in the legal environment, you may need to address certain issues relating to email retention differently than if you are only concerned with financial institution regulations.
This is why 2007 is the year to address electronic data/email retention for many community financial institutions. Content management, encryption, and email retention will be an important topic of discussion in Technology Committee meetings nationwide. System backups are proving to be inadequate for long-term storage. Backups only capture snapshots of data; therefore, information generated and deleted between backups are not captured. Also, most current backups are retained for a limited period of time (no more than 60-90 days), after which they’re destroyed or overwritten.
Many vendors are actively marketing email retention solutions to financial institutions. If you choose such a solution make sure that information retained follows your written data retention and content management policies. All departments within your institution will need to standardize the handling of imaged documents, emails, and other electronic communication. Also, your policies will need to specify different timeframes for retention based on the type of data, and destruction/disposal procedures will need to be specified when the retention period is exceeded.
Taking the time to review and assess existing document retention policies practices now, could save valuable time and effort (and perhaps your institution’s reputation) in the future.