Thank you for sharing!

Your article was successfully shared with the contacts you provided.
In response to the recent series of highly publicized business scandals, Congress passed the Sarbanes-Oxley Act. President Bush signed the act into law on July 30, 2002. See financialservices.house.gov/media/ pdf/H3763CR_HSE.PDF. The legislation aims to strengthen accounting oversight and corporate accountability by enhancing disclosure requirements, increasing accounting and auditor regulation, creating new federal crimes and increasing penalties for existing federal crimes. Similar to other areas of the law, Sarbanes-Oxley embraces the issues developing around the proliferation of electronic evidence. With 93 percent of all business documents created electronically and only 30 percent ever printed to paper, corporations in the last few years have been compelled to address the retention of, and potential liability associated with, electronic documents and communication. Ten years ago, corporations tended not to keep many hard copies of documents because paper documents take up physical space. Now companies save nearly every electronic document and e-mail because it can be stored electronically with relative ease. In response to this techno-reality, corporations are implementing and enforcing document-retention policies more than ever before. Yet the reality is that outdated e-mail, antiquated files and archival data stored on backup tapes or disks are often kept for months or years past their useful life. Case law reveals that unwieldy preservation of all electronic data and e-mail created in the course of business can come back to haunt a corporation when litigation ensues. For example, in Murphy Oil USA Inc. v. Fluor Daniel Inc., 2002 WL 246439 (E.D. La. Feb. 19, 2002), the court stated, “Fluor’s e-mail retention policy provided that backup tapes were recycled after 45 days. If Fluor had followed this policy, the e-mail issue would be moot.” As a result of Fluor’s unwieldy document retention, the parties spent considerable time and money arguing the discoverability of e-mail messages that should have been destroyed. NEW RETENTION REQUIREMENTS Sarbanes-Oxley imposes new requirements on public companies and their accounting and auditing teams with regard to the retention and destruction of certain financial records. There are three provisions that deal with electronic documents and should be of concern to corporations: � Document alteration or destruction.Section 802 of the act amends the federal obstruction-of-justice statute by adding two new offenses. First, people who knowingly alter, destroy, mutilate, conceal or falsify any document or tangible object with the intent to impede, obstruct or influence proceedings involving federal agencies or bankruptcy proceedings may be fined, imprisoned up to 20 years or both. � Mandatory document retention.Second, � 802 directs accountants to maintain certain corporate audit records or to review work papers for a period of five years from the end of the fiscal period during which the audit or review was concluded. It also directs the Securities and Exchange Commission (SEC) to promulgate, within 180 days, any necessary rules and regulations relating to the retention of relevant records from an audit or review. This section makes it unlawful knowingly and willfully to violate these new provisions — including any rules and regulations promulgated by the SEC — and imposes fines, a maximum term of 10 years’ imprisonment or both. � Obstruction of justice.Section 1102 expands the obstruction-of-justice statute that prohibits tampering with witnesses. Now acting or attempting “corruptly” to alter or destroy a record or other object “with the intent to impair the object’s integrity or availability for use in an official proceeding” is punishable with fines and/or imprisonment of up to 20 years. IMPACT OF THE PROVISIONS The impact of Sarbanes-Oxley on electronic-data management is basically twofold. The first part of � 802 places criminal liability on any person who knowingly destroys documents or objects relating to a federal agency or Chapter 11 Bankruptcy. Section 1102 prohibits people from corruptly altering or destroying documents with the intent to impair an official proceeding. The definition of “document” in these statutes is likely to be interpreted to include electronic-document destruction. Given its breadth, these provisions give the federal government authority to prosecute cybercrimes and other computer hacking that results in information destruction relating to official proceedings. Past case law reveals the federal government’s commitment to using computer forensic tools to bring hackers and cybercriminals to court. For example, in U.S. v. Lloyd, 269 F.3d 228 (3d Cir. 2001), the defendant was convicted under 18 U.S.C. 1030 on one count of computer sabotage for planting a computer-based “time bomb” in his employer’s computer systems. Computer experts were essential in recovering the evidence of the time bomb. Sarbanes-Oxley is likely to expand that governmental commitment to using computer forensic protocols to prosecute cybercrime. Further, � 802 of Sarbanes-Oxley is likely to have a great effect on how accounting and auditing firms handle electronic documents. Most accounting firms already retain audit and review records for at least five years, so it is perceived that the second portion of � 802 might have minimal impact. Yet � 802 specifically references the retention of electronic records that are created, sent or received in connection with an audit or review. This provision could require many accounting firms to retain more documents than they have in the past. Further, the � 802 document-retention rules and regulations to be implemented by the SEC also could force accounting professionals to give more consideration to their current electronic-records policies. The breadth and depth of these rules remains to be seen. In complying with the new provisions of Sarbanes-Oxley, accounting and auditing firms should consider electronic records when determining what should be retained and what should be destroyed. The financial industry is not the only business sector affected by the dangers of digital data, however. All business organizations should bear in mind that retained and deleted electronic evidence could become intricate minefields of liability. Even if information is effectively deleted and overwritten from a hard drive, this still does not mean that it is gone for good. Documents that have been copied to other media, saved in a routine system backup or e-mailed to anyone else have effectively been copied over and over again, creating numerous replicas of the “electronic footprints.” ACCOUNTANTS AND AUDITORS Accounting and auditing firms can mitigate the risk associated with electronic information management by creating a document-retention policy. See Daniel I. Prywes, “The Sarbanes Oxley Act Raises the Stakes for E-Records Management” Digital Discovery & E-Evidence, October 2002, at 1. The policy should start with an information inventory of the firm’s electronic framework, including documentation of all electronic hardware and software in use throughout the company (including cellphones, PDAs, laptops, etc.); all locations and storage formats of archived electronic data; and all methods in which data can be transferred to/from the company. The bulk of the retention policy should include methods for classifying documents, determining retention periods, setting the retention schedule and procedures and selecting a records custodian. The policy should also create an index of active and inactive records and implement “log books” in which all destroyed documents are recorded. Most important, an organization must retain all relevant documents when it knows, or should have reason to know, that they will become material in the future. In conclusion, the Sarbanes-Oxley Act compels public companies, corporate counsel and accounting/auditing professionals to consider the impact of electronic evidence in relation to certain financial records. No longer can e-mail and computer files be blindly destroyed. Instead, balance must be found between appropriate destruction of stale and nonregulated documents and adequate preservation of potentially significant documents. Such balance is the key to effective electronic-document management and the protection of informational assets as required by this new law.
TEN TIPS FOR ELECTRONIC RECORD RETENTION Sarbanes-Oxley reinforces the reality that electronic data management should garner top priority for corporate leadership, corporate counsel and accounting/auditing professionals. The following 10 tips should be considered when developing and maintaining rules for electronic record retention: � Make electronic-data management a business initiative, supported by corporate leadership. � Keep records of all types of hardware/software that are in use and the locations of all electronic data. � Create a document-review, retention and destruction policy, which includes consideration of backup and archival procedures, any online storage repositories, record custodians and a destroyed documents “log book.” � Create an employee technology-use program, including procedures for written communication protocols, data security, employee electronic-data storage and employee termination/transfer. � Clearly document all company data-retention polices. � Document all ways in which data can be transferred to or from the company. � Regularly train employees on the company’s data-retention policies. � Implement a litigation response team, comprised of outside counsel, corporate counsel, the human resources department, business line managers and IT staff, that can quickly alter any document-destruction policy. � Be aware of electronic “footprints” — delete does not always mean delete, and metadata is a fertile source of information and evidence. � Cease document-destruction policies at the first notice of a suit or reasonable anticipation of suit. On a final note, make a practice of conducting routine audits of policies and enforcing violations.

Michele C.S. Lange is a staff attorney for the electronic evidence services division of Kroll Ontrack Inc., based in Eden Prairie, Minn. Lange can be reached at [email protected].

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.