Retention Schedule Research Update Best Practices

Posted on by

My blog last week was devoted to the importance of the retention schedule. This week I want to discuss various methods I have seen over the years for updating or refreshing the regulatory research used to support your retention schedule. These approaches vary depending on your organization’s appetite for risk. Ultimately, an organization cannot, or should not, simply pick retention periods at random, without first consulting the minimum retention regulatory requirements, plus other considerations such as statute of limitations concerns, privacy, format, location and even storage requirements. These are all spelled out in the retention regulations, of which there are hundreds of thousands believe it or not, especially if your organization has a global footprint.

  • HISTORICAL APPROACHES

As late as the 90’s and early 2000’s, organizations employed one of a few approaches to update their retention schedules, particularly the regulatory updates. By this time, most organizations had come to realize that it was impossible for a single internal individual or even an internal team to keep up with the plethora of regulations. This gave rise to the following approaches:

  1. The Skupsky approach – This was the approach many organizations took to update their retention schedules, with a relatively affordable database of research. The downside to this approach was that it forced organizations to organize their retention schedules using the same or similar taxonomy to the Skupsky database. Many also found the research was either outdated or not relevant to their organization.
  2. The Big Law approach – The largest organizations paid large law firms like Baker & McKenzie millions of dollars to conduct the research and provide retention recommendations. Obviously, this was not an approach most organizations could afford.
  3. The Consultant approach – Most organizations took to consultants for help with regulatory updates. Consultants could do the same work as a law firm for a fraction of the price, but the downside was that the research was not necessarily done by attorneys and for some organizations a consultant’s work-product was not enough to pass the legal compliance test. This is where I got my start with Jim Coulson’s Records Improvement Institute. Jim decided to invest in a practicing lawyer to oversee the research and thus overcome the legal compliance concerns. Still, the process was expensive, as I would sometimes have to hop on a plane to a foreign country to visit local libraries and conduct the research locally. Needless to say, regulatory updates were equally expensive.
  • MODERN APPROACHES

The arrival of the internet and online access to regulatory databases opened the floodgates for more affordable approaches to regulatory research in support of retention schedules.

  1. The VIRGO approach – By the mid-2010’s, a key to the success of Virgo (now owned by Access Corp), for instance, was the availability and tremendous improvement of online translation tools. When we first formed VIRGO around 2015, we still had to rely on native speakers to translate laws from foreign countries. However, within a few short years, online translation tools improved significantly. (By the way, translation tools demonstrated early the success of artificial intelligence.) At the same time, the availability of online research databases increased exponentially. To this day, VIRGO remains a viable approach for many organizations, but the cost of a subscription can be prohibitively expensive for most small to medium sized organizations. The same is true for VIRGO’s main competitor, Iron Mountain’s Policy Center.
  2. The Defining Regulations approach – One approach that I find risky but have seen is for organizations to track only the most salient or defining regulations applicable to the organization. This risk-based approach chooses to focus only on the handful of regulations that could land the organization in hot water. The main benefit of this approach is that it is possible for a single individual (e.g., the records manager) to track the progress of these key regulations. I have seen this approach in the insurance sector, for instance. My concern here is that if a dedicated professional is not keeping an eye on other important legislation that could impact the organization’s retention schedule, then the retention schedule can easily fall out of compliance. In all fairness, I have seen this approach for years now, and I still have not heard from anyone that any of my concerns have come to light.
  3. Back to the Consultant approach – These days, small to medium sized organizations in particular continue engaging with consultants. Now that the research is more accessible and far more affordable with the likes of FilersKeepers, for instance, consultants are able to compete.
  4. Back to the Law Firm approach – Small boutique law firms like mine (Isaza Law), can now offer organizations (particularly small to medium sized highly regulated organizations) the best of all worlds between the Big Law approach, the VIRGO approach and the Consultant approach. Small law firms also have access to the same research resources as Big Law, except much more affordably. And, the added benefit is that the entire work-product is validated by a law firm and thereby arguably more defensible in court. Needless to say, the relationship with a law firm also allows for ongoing legal consulting on sensitive legal issues like e-discovery, privacy concerns, pending or anticipated audits or investigations. If interested in this approach, please contact us for a “no obligation” initial consultation.