How to Write Enterprise Archive Policy

Many of the policies I see for internal enterprise operations use rigid language.  They say the enterprise "will" do this or "shall" do that.

My concern with such language -- especially as it applies to the retention of records -- is that often the enterprise will not, across the course of years, do exactly what its policy states.  As the years go by, the enterprise may encounter legal, privacy, budget, technical or other problems that preclude it from keeping records as the policy "requires."


Thus, when I write policy for enterprise clients, I try to use softer language.  Instead of saying the enterprise "will" or "shall" keep records, I say the enterprise "strives" to keep records.

With the word "strives," I seek to avoid giving anyone -- such as an employee who sues the enterprise for some reason -- assurance that the records he wants will in fact exist at the time he wants them.


Further, it is common for  me start enterprise policy with a preamble that states the policy sets general guidelines rather than rigid rules.  The preamble explains reasons why general guidelines make more sense for a policy that will stretch over multiple years.

Here is sample language I offer in in-house workshops I lead on enterprise record retention:

This states the policy of ___________ [insert name of business] (the “Company”) for the retention of electronic mail, instant messages and managed electronic documents. This policy sets general guidelines, recognizing

• the impracticality of adhering to rigid rules,

• the massive volume of records created by the ever-growing collection of digital devices and services used in the Company, and

• the need for record retention efforts to be proportionate with the value of the records, the cost of keeping them and the legal duties associated with them.

The word "proportionate" appeals to the growing body of law that says the standard for compliance in e-discovery and record retention is "proportionality."  Proportionality recognizes the difficulty of setting absolute, universal rules in data law.

What do you think?


1 comment: