• Home
• Jurisdictions
  • Countries
  • Multinational Organizations
• Services Outsourced
  • Finance/ Accounting
  • Legal
  • Human Resources
  • Information Technology
  • Customer Care
  • Other
• Industries
• Sourcing Models
  • Shared Services – Captives
  • Alternative Structures
  • Pricing
  • Financial Engineering
  • Innovation
• Resources
  • Software Tools
  • Definitions
  • Outsourcing 101 – Basics
  • Sourcing Advisors
  • Benchmarkers
• Events
  • Press
  • Past Events / Webinars
  • Upcoming Events
• Archives
  • Newsletter Article Archives
  • Newsletter Archives

Document Retention, Document Management and Data Warehousing in Outsourcing

October 9, 2009 by Bierce & Kenerson, P.C.

Business enterprises must comply with a multitude of laws and rules governing the retention of business records.  Destruction or loss of business records could cause serious loss to the enterprise and its trading partners.  Fines might be levied under regulatory audits.   Documents supporting novelty, originality or date of reduction to practice might result in a loss of a business process patent.   In litigation, the enterprise might be unable to present evidence or rebut contradictory evidence.  Recognizing the need for electronic storage, legislatures and courts worldwide have adopted various “electronic signature” and “electronic documentation” statutes and rules allowing, as probative evidence, documents stored solely in electronic form, provided that certain notarial protections such as immutability (non-changeability), provenance and other customary factors for attesting to the origin and custody of the record are satisfied.  Records may also incriminate, so routine destruction of old records is advisable where no law or rule requires continued retention.

In response to such needs, service providers in logistics, storage, warehousing and data warehousing have developed an industry for the “life cycle management” of documents.  The life cycle includes document creation, gathering of related records, organization of directories and data bases under organizing principles, record storage, distribution, document retention, retrieval, accessibility, destruction and reporting and record keeping of the life cycle itself.  Such services involve different methods, cost structures and risks to the customer.

Recent jurisprudence establishes new rules governing “electronic discovery” under the Federal Rules of Civil Procedure.  The impact of such rules on document retention, document management and data warehousing in outsourcing should be clearly understood by both outsourcing customers and services providers.  Prudence dictates a number of “best practices” in records management in outsourcing.

Records Retention Policies and Procedures.

This article does not intend to list all laws that might require temporary or permanent document retention.  Rather, it is critical that each enterprise adopt policies and implement procedures for compliance with record keeping and record destruction requirements of law.

Right of Access to Records in Criminal Proceedings.

This article does not intend to discuss the right of the criminal defendant to obtain information, or the right of the prosecutor to obtain evidence through police investigations.  However, criminal negligence for corporate misdeeds is punishable under certain public statutes.  Accordingly, maintenance of “best practices” in records management could make a difference in outcomes for both the enterprise and its managers.

Right of Access to Records in Civil Dispute Resolution.

Right of Access to Records in Mediation.

Most business managers might agree to mediation if it is not onerous and does involve detailed is closures of business records.

Right of Access to Records in Arbitration.

In general, arbitrators have no mandate to compel adverse parties to engage in any disclosure or discovery phase for the identification of records that might have a relevance or probative value in dispute resolution.   The rules of arbitration of most common arbitral administration organizations generally do not require any such compulsory disclosure.

Right of Access to Records in Litigation.

Mandatory Discovery.
The U.S. Federal Rules of Civil Procedure 26 through 37 govern discovery in civil actions of any nature that may be adjudicated by U.S. federal courts.  These rules permit the giving of notice, formulation of legal and factual issues and revelation of facts through pre-trial procedures including depositions and discovery.    Rule 26(b)(1) defines very broadly the scope of mandatory disclosures by an adverse party in response to a request for discovery:

Parties may obtain discovery regarding any matter, not privileged, that is relevant to the claim or defense of any party, including the existence, description, nature, custody, condition, and location of any books, documents, or other tangible things and the identity and location of persons having knowledge of any discoverable matter.   For good cause, the court may order discovery of any matter relevant to the subject matter, involved in the action.  Relevant information need not be admissible at trial if the discovery appears reasonably calculated to lead to the discovery of admissible evidence.

In general, confidential business information may be discoverable and subject to a protective order so that the requesting party does not publicize it.

Scope of Discovery Must be Proportional to the Benefit.
Rule 26(b)(2) imposes general limits on discovery under a “proportionality” test.  A federal court may limit the frequency or extent of use of “discovery” methods if the court determines:

• the discovery sought is unreasonably cumulative or duplicative, or is obtainable from some other source that is more convenience, less burdensome or less expensive;
• the party seeking discovery has had ample opportunity by discovery in the action to obtain the information sought; or
• the burden or expense of the proposed discovery outweighs the likely benefit, taking into account the needs of the case, the amount in controversy, the parties’ resources, the importance of the issues at stake in the litigation, and the importance of the proposed discovery in resolving the issues.

Payment for Cost of Disclosing Records and Information.
Normally, the courts presume that the cost of researching and producing the requested records and information in the discovery process must be paid by the responding party.  However, under Rule 26(c), the court may shift the cost to the requesting party to avoid “undue burden or expense.”  Oppenheimer Funds, Inc. v. Sanders, 437 U.S. 340, 358 (1978).

Common Law Approach to Equitable Determination of Cost Allocation and Cost-Shifting for Discovery of Records, including Electronic Records.
Different courts have adopted different standards and tests for balancing the costs and likely benefits.   The most influential response to the problem of cost-shifting in the discovery of electronic records was the eight-factor list adopted by U.S. Magistrate Judge James C. Francis IV in Rowe Entertainment, Inc. v. William Morris Agency, Inc., 205 F.R.D. 421, 429 (S.D.N.Y. 2002).   More recently, District Judge Shira Scheindlin of the same district court adopted a different rule to tailor the Rowe Entertainment principles to add one new factor and omit two unnecessary factors.   Zubulake v. UBS Warburg LLC, __ F.3d __, NYLJ May 19, 2003, p. 37, cols. 1-6, p. 28, cols. 1-5 (S.D.N.Y. March 2003) (claim for alleged wrongful discharge due to claimed sex discrimination in employment).   The Zubulake court reasoned that the factors should be weighted and that they should be not be predisposed, or “slanted,” as the Rowe Entertainment rules might do, in favor of shifting the costs of production from the responding party to the party requesting the electronic records.

The following table compares the two decisions:

Types of Storage of Electronic Records.
Retention of documents in electronic form allows cheaper and faster access, with easier determination whether a document is protected from the discovery process by some form of evidentiary privilege (e.g., attorney-client communication, attorney work product, husband-wife spousal privilege, etc.).   Judge Scheindlin’s opinion in Zubulake toured the types of methods for record keeping, with reference to accessibility and ease of production.

Whether electronic data is accessible or inaccessible turns largely on the media in which it is stored. Five categories of data, listed in order from most accessible to least accessible, are described in the literature on electronic data storage:

1. Active, online data:
“Online storage is generally provided by magnetic disk. It is used in the very active stages of an electronic records [sic] life – when it is being created or received and processed, as well as when the access frequency is high and the required speed of access is very fast, i.e., milliseconds.” Examples of online data include hard drives.

2. Near-line data:
“This typically consists of a robotic storage device (robotic library) that houses removable media, uses robotic arms to access the media, and uses multiple read/write devices to store and retrieve records. Access speeds can range from as low as milliseconds if the media is already in a read device, up to 10-30 seconds for optical disk technology, and between 20-120 seconds for sequentially searched media, such as magnetic tape.” Examples include optical disks.

3. Offline storage/archives:
“This is removable optical disk or magnetic tape media, which can be labeled and stored in a shelf or rack. Off-line storage of electronic records is traditionally used for making disaster copies of records and also for records considered ‘archival’ in that their likelihood of retrieval is minimal. Accessibility to off-line media involves manual intervention and is much slower than on-line or near-line storage. Access speed may be minutes, hours, or even days, depending on the access-effectiveness of the storage facility.” The principled difference between nearline data and offline data is that offline data lacks “the coordinated control of an intelligent disk subsystem,” and is, in the lingo, JBOD (“Just a bunch of disks”).

4. Backup tapes:
“A device, like a tape recorder, that reads data from and writes it onto a tape. Tape drives have data capacities of anywhere from a few hundred kilobytes to several gigabytes. Their transfer speeds also vary considerably.The disadvantage of tape drives is that they are sequential-access devices, which means that to read any particular block of data, you need to read all the preceding blocks.” As a result, “[t]he data on a backup tape are not organized for retrieval of individual documents or files [because] .the organization of the data mirrors the computer’s structure, not the human records management structure.” Backup tapes also typically employ some sort of data compression, permitting more data to be stored on each tape, but also making restoration more time-consuming and expensive, especially given the lack of uniform standard governing data compression.

5. Erased, fragmented or damaged data:
“When a file is first created and saved, it is laid down on the [storage media] in contiguous clusters. As files are erased, their clusters are made available again as free space. Eventually, some newly created files become larger than the remaining contiguous free space. These files are then broken up and randomly placed throughout the disk.” Such broken-up files are said to be “fragmented,” and along with damaged and erased data can only be accessed after significant processing.

Of these, the first three categories are typically identified as accessible, and the latter two as inaccessible. The difference between the two classes is easy to appreciate. Information deemed “accessible” is stored in a readily usable format. Although the time it takes to actually access the data ranges from milliseconds to days, the data does not need to be restored or otherwise manipulated to be usable. “Inaccessible” data, on the other hand, is not readily usable. Backup tapes must be restored using a process similar to that previously described, fragmented data must be de-fragmented, and erased data must be reconstructed, all before the data is usable. That makes such data inaccessible.  Zubulake v. UBS Warburg LLC, __ F.3d __, NYLJ May 19, 2003, at cols. 5-6 (S.D.N.Y. March 2003).

The Bottom Line: Who Should Pay for Producing Copies of “Accessible” Records and for “Inaccessible” Records.
In Zubulake, the court ordered the defendant, employer UBS Warburg LLC, to pay the cost of producing e-mails stored in active use or on archived optical disks.   The court remanded to a magistrate judge the allocation, in accordance with the Zubulake court’s seven-factor test, the costs of producing e-mails stored on backup tapes.   Production of records from the backup tapes and from archived optical disks was estimated to cost were estimated at  $300,000.   In this case, the terminated employee had been earning $500,000 a year in compensation, and the employer was a major international investment bank.

In the final analysis, this raises issues for enterprises (and their records management service providers) in connection with litigation strategy.

Best Practices in Records Management in Outsourcing.

In the era of electronic signatures, electronic litigation discovery and mandatory reporting procedures for publicly traded companies, certain “best practices” are emerging.

Service Level Agreements and Standards of Care.

Records management services agreements have generally defined the service provider’s standard of care both in legal terms (degree of negligence) and in technological and business terms (specified business procedures whose inputs and outputs are objectively measurable as service level agreements).

Business Purposes and Risks in Rapid Accessibility to Business Records.
Enterprises might wish to think twice before storing all e-mails on easily accessible storage means, such as Storage Area Networks, network attached storage and other “online” or “near-online” technologies.  If the enterprise is defending against a claim of unfair employment termination, it might be advantageous not to spend the additional cost for the more rapid method of access.   However, if the enterprise is considering use of historical e-mails for development of a knowledge basis using semiotic, robotic knowledge generation tools, the shareholders will probably reap great economic benefit from the “online” and “near-online” technologies.

Service Level Agreements.
All documents are not created equal.   The customer’s records retention policy must be clear.  The customer may need the right to change the SLA’s in response to newly mandated record keeping requirements, ranging from a longer statute of limitations to more detailed accounting reports under the Sarbanes-Oxley Act of 2002 (more related links at end of article).

International Records Management.
Records management generally should be maintained in the country where the records originate.   As enterprises globalize, internationalization of records management follows.   As a result, the peculiar legal issues relating to international business transactions should be identified and resolved as part of any international records management service contract.

Data Warehousing.
This phrase “data warehousing” describes the consolidation of disparate forms and types of data under “one roof,” that is, in a manner accessible from one program.   As digital information becomes more easily accessible to the data masters, so it may be more easily accessible to those, acting in litigation, seeking to obtain copies of that information.

Limitation on Liability.

An enterprise customer’s loss due to “poor” records management can come from any one of several sources, including:

• loss of business records required to comply with contractual, statutory, regulatory or judicial obligations.
• loss of goodwill.
• fines and penalties from failure to maintain records, or to file official declarations and “returns” that are based on such records.
• adverse evidentiary presumption in case of proven spoliation of evidence.
• loss of rights in a trade secret.
• loss of rights in a patent or patent application.
• compulsory disclosure of business records that constitute an admission against interest in litigation.

Before agreeing to limitations on liability, the enterprise customer should consider each of these business risks and evaluate the likely impact on the enterprise.   Alternatively, the solution might lie in an enhanced SLA or more detailed statement of work.

Insurance and Other Risk Mitigation.

The enterprise and its corporate officers, directors and even shareholders may become directly or vicariously liable for the negligence or willful misconduct of its external service providers that provide records management services.    The corporate risk manager should review the company’s and the service providers’ insurance policies for errors and omissions, directors’ and officers’ liability insurance and coverages for valuable papers and business continuity.

Securities Law Compliance.

Record keeping is now a strict obligation under the U.S. federal and state securities laws.  The Sarbanes-Oxley Act of 2002 amended the federal securities laws to require that the CEO and the CFO certify that the financial reporting systems are adequate.    Service providers in the field of records management and document management should determine how much risk they are willing to assume in relation to liability arising out of:

Insurance and Other Risk Mitigation.

• erroneous document retention policies of the enterprise customer;
• negligence or gross negligence by the records manager; and
• faulty procedures in any transfer or storage of data, including commitments of complete redundancy, data mirroring and disaster recovery.

Periodic Inspections and Verifications.

Trust depends on continued reliability.  Audit and inspection are a normal part of the outsourcing processes.  In the field of records management, the preparations for the date change in the year 2000 launched a global business process of disaster recovery testing.  Normal records management should have periodic inspections and verifications to ensure the processes continue as promised and, more important, as may be required to comply with emerging applicable law.

Forensic Investigations: Distinguishing Ordinary Outsourced Investigation from Privileged Investigation

October 9, 2009 by Bierce & Kenerson, P.C.

Many providers of finance and accounting (“F&A”) services cover a broad array of managed services.  The functions of internal audit, pre-litigation claims and, more specifically, insurance claims processing deserve special attention from a legal standpoint.  This article addresses distinctions between ordinary managed services (subject to pre-trial discovery) and “privileged” investigations that are not disclosable to adversaries in litigation.  The analysis applies across all forms of business process outsourcing (“BPO”), but is particularly appropriate for F&A, HR specialty outsourcing and Sarbanes-Oxley “Internal” Audit.

Normal Rules of Discovery or Disclosure.

Under American rules of civil procedure, litigants are required to disclose to their adversaries information that could be used as evidence, or that could reasonably be expected to lead to the disclosure of evidence.  Ordinary conduct of business, including managed services (or “outsourcing”) is subject to the normal rule.

This rule (sometimes called pre-trial discovery, sometimes called pre-trial disclosure) has several purposes:

• to force each party to identify “reality” and not make any claims or defenses unless justified by the facts.
• to enable a party to discover and use the facts to challenge claims or defenses of its adversary.
• to promote settlements, and thereby reduce the burden of litigation on the court system.
• in criminal cases, to give the accused access to “Due Process” under U.S. Constitutional norms.

Work Product Exception.

Investigations by attorneys or persons under the control of attorneys may be entitled to escape the normal rules of disclosure.  Such investigations are conducted in anticipation of litigation. Businesses at risk of liability to third parties, employers and insurance companies investigating claims are entitled to assert the legal privilege to avoid having their investigators be required to testify in pre-trial depositions and otherwise disclose evidence before trial.

As a matter of public policy, such investigations are confidential and privileged, and the investigators are not subject to depositions during the pre-trial discovery process in order to preserve attorney-client communications and to enable to develop attorney work product free of intrusion.  The confidentiality and privilege enable clients to obtain legal advice free of risk of disclosure.  The attorney-client privilege and attorney work-product privilege to do not, however, protect a client from the duty to testify as to facts witnessed directly by the client outside any attorney-client communication.

A string of recent court decisions has examined the conditions under which an insurance company’s examination of a claim crosses the line from being an investigation performed in the ordinary course of the insurer’s business (and thus not eligible for the legal privilege) or work performed in anticipation of litigation.  Travelers Casualty & Surety Co. v. J.D. Elliot & Co. P.C., ____ F.3d ___, NYLJ Oct. 25, 2004, p. 25, cols. 3-4 (S.D.N.Y. 2004), Judge Pitman; Weber v. Paduano, 02 Civ. 3392 (GEL), 2003 WL 161340 (S.D.N.Y. Jan. 22, 2003); Mt. Vernon Fire Ins. Co. v. Try 3 Bldg. Svces., Inc., 96 iv. 5590 (MJL) (HBP), 199998 WL 729735 (S.D.N.Y. Oct. 16, 1998); Am. Ins. Co. v. Elgot Sales Corp., 97 Civ. 1327 (RLC) (NRB), 1998 WL 647206 (S.D.N.Y. Sept. 21, 1998); see also United States v. Adlman, 134 F.3d 1194, 1199 (2d Cir. 1998).

Burden of Proof.
The party asserting the work product protection bears the burden of establishing the applicability of the work product exception.   If that party seeks to deny all testimony by an investigator, it must prove the availability of the work product exception at all stages of the investigation, from beginning to end.

Standard for Determining When Work Product Exception Applies.
In the Travelers decision, the court noted that there is no “bright line” test for determining when an insurance company’s investigative work is not privileged (i.e., it is merely performed in the ordinary course of business) and when it is privileged as an investigation done in anticipation of litigation.  The court rejected the use of a line based on investigation done prior to the filing of any insurance claim.

A first factor is whether the investigator was retained before any decision was made whether the insurance carrier would reimburse its policyholder for an insured loss.  If the investigation is conducted before there is any reason to expect litigation from either the policyholder or against potential third party sources of reimbursement (under the principle of subrogation), the investigation does not qualify for the work product privilege.

A second factor is whether there was any actual threat of litigation at the time when the investigator was retained to conduct the investigation.  If there is nothing in the file to indicate that litigation is on the horizon, or perceived to be “on the horizon,” the privilege will not apply.

A third factor is whether the investigator is hired by an attorney or merely by the business, employer or insurance company.  There should be some showing that litigation counsel has been retained in order to justify work product privilege.

Impact on Outsourcing.

Internal investigations by providers of outsourced services are normally not eligible for work product privilege.  Enterprises and their F&A outsourcing service providers should adopt certain “best practices” to preserve work product privilege.

• Identify that Litigation is Anticipated.
  If the enterprise customer or the service provider does anticipate any litigation, whether between the two parties or in relation to a third party whose rights might have been injured by an act or omission of the enterprise customer or the service provider, then litigation counsel should be consulted.
• Records Management.
  The parties should establish a log of “anticipated litigation” and maintain it under the management of lawyers.  The records should be clearly marked so that there is no doubt that the investigations are conducted with some specific fear or threat of identifiable litigation “on the horizon.”
• Separate the “Ordinary Work” from the “Work in Anticipation of Litigation.”
  The enterprise customer and the F&A outsourcing service provider should clearly define the scope (statement of work) to include separate categories of “ordinary work” (the usual managed services) and “work in anticipation of litigation” that could be identified and administered separately.   This segregation would insulate the validly privileged internal audit from the non-privileged ordinary operations.

• Publisher’s Blog

  Visit our publisher's blog, Bierce on Business, for commentary on current events.
  
  Registered Users
  We are currently not accepting new registrations, but existing users can still log in.