If your answer to the poll was “yes,” or “I should,” give yourself a pat on the back.
If you don’t have a digital file retention policy, or more specifically, don’t believe you need a policy, please consider the following:
The more data you store, the more you must protect, and it isn’t free
Data protection is costly and doesn’t end with buying a server. If your firm stores digital files in-house, you must maintain your investment. This means replacing obsolete storage media, preserving and testing backups, purchasing cybersecurity coverage, investing in and updating security software, budgeting for internal or outsourced IT services, and recovering from data theft, data breach, or system crashes if they occur. Cloud storage may alleviate some of this, although best practices dictate that cloud storage should be secondary to keeping on-premise copies of your data.
The duty to safeguard
Protection isn’t just a matter of out-of-pocket expenses; it has real ethical significance:
Taken together, Rule 1.6(c) and Rule 5.3 require a lawyer to take steps to prevent disclosure of client information through the misuse of technology, by themselves or by any technology vendor on which the lawyer relies. A lawyer’s reasonable efforts to protect client data might include reviewing a third-party vendor’s terms of service to ensure that they comply with industry standards relating to confidentiality and security, and that those standards are consistent with the lawyer’s own professional obligations.
Mark Johnson Roberts, “Electronic Competence: As Technology Advances, So Must a Lawyer’s Understanding of It,” OSB Bulletin (June 2017).
If you place no limitations on digital file storage and something bad happens, more client data is exposed. Why would you want to take that risk?
Keep it and retrieve it
If you get into the perpetual storage business, be prepared to retrieve what you keep. Adhering to file retention recommendations and ethical requirements is one thing. Digging up records from 20, 30, or 40 years ago because you’ve chosen not to enforce a destruction policy is something else.
Setting reasonable digital file retention policies
For guidance on file retention, contact your local ethics hotline or professional liability carrier. In Oregon, the following resources are available from the Professional Liability Fund. Select Practice Management > Forms.
- Checklist for Scanning Client Files
- File Retention and Destruction Guidelines
- Production of Client File
- Retention of Electronic Records
Mid-size and larger firms should consider a membership in ARMA, the Association of Records Managers and Administrators. Another good resource is AIIM, the global community of information professionals.
All Rights Reserved 2018 Beverly Michaelis