Digital File Retention

 

If your answer to the poll was “yes,” or “I should,” give yourself a pat on the back.

If you don’t have a digital file retention policy, or more specifically, don’t believe you need a policy, please consider the following:

The more data you store, the more you must protect, and it isn’t free

Data protection is costly and doesn’t end with buying a server. If your firm stores digital files in-house, you must maintain your investment.  This means replacing obsolete storage media, preserving and testing backups, purchasing cybersecurity coverage, investing in and updating security software, budgeting for internal or outsourced IT services, and recovering from data theft, data breach, or system crashes if they occur. Cloud storage may alleviate some of this, although best practices dictate that cloud storage should be secondary to keeping on-premise copies of your data.

The duty to safeguard

Protection isn’t just a matter of out-of-pocket expenses, it has real ethical significance:

Taken together, Rule 1.6(c) and Rule
5.3 require a lawyer to take steps to prevent
disclosure of client information
through the misuse of technology, by
themselves or by any technology vendor
on which the lawyer relies. A lawyer’s
reasonable efforts to protect client data
might include reviewing a third-party
vendor’s terms of service to ensure that
they comply with industry standards relating
to confidentiality and security, and
that those standards are consistent with
the lawyer’s own professional obligations.

Mark Johnson Roberts, “Electronic Competence: As Technology Advances, So Must a Lawyer’s Understanding of It,” OSB Bulletin (June 2017).

If you place no limitations on digital file storage and something bad happens, more client data is exposed. Why would you want to take that risk?

Keep it and retrieve it

If you get into the perpetual storage business, be prepared to retrieve what you keep. Adhering to file retention recommendations and ethical requirements is one thing. Digging up records from 20, 30, or 40 years ago because you’ve chosen not to enforce a destruction policy is something else.

Setting reasonable digital file retention policies

For guidance on file retention, contact your local ethics hotline or professional liability carrier.  In Oregon, the following resources are available from the Professional Liability Fund. Select Practice Management > Forms.

  • Checklist for Scanning Client Files
  • File Retention and Destruction Guidelines
  • Production of Client File
  • Retention of Electronic Records

Mid-size and larger firms should consider a membership in ARMA, the Association of Records Managers and Administrators.  Another good resource is AIIM, the global community of information professionals.

All Rights Reserved 2018 Beverly Michaelis

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.