Many firms include within their policies that the employee agrees that any such local information is the property of the firm and is to be deleted upon termination, that they agree to adhere to the firm's retention policy across any and all devices, and that the firm retains the right to remotely wipe the device if it is misplaced, stolen or if the employee leaves the firm. In the event that this must be done, the IT team needs to be involved in "digital cleansing" of the device as simply deleting files does not always ensure they are actually gone.
The email retention policy should also outline the firm's right to review emails to ensure compliance with the policy, as well as consequences to the employee for not complying with them. These consequences are not to be taken lightly as the firm must adhere to the policy across the board or face it being thrown out in the event of litigation.
The IT department also must be involved in the creation of the policy as they will need to implement email archival tools and processes to enforce and manage it. The reality is that if the policy is too hard to comply with or the email tools too difficult to use, personnel will find a way to work around it, so this consideration needs to be incorporated. When policies mandate the destruction of old emails, the IT team will be involved to verify that procedures were properly completed and that the data on any backups has also been taken into account. IT personnel will also need to be included as a part of a litigation response team in the event that the firm anticipates a law suit or regulatory inquiry, so they can immediately suspend the document destruction policy for a litigation hold and properly document which files are impacted. In this regard, the IT team will also be involved with managing a central archiving or document management solution for those firms that choose automated tools.
Once the policy is written and reviewed by the firm's legal counsel, it must be explained to firm personnel and verified that they understand how to apply it including any training on the firm's archival tools. This training should extend to any interns, part-time employees, or subcontractors and all firm personnel should be reminded annually. Please note it is generally accepted that if the firm leadership and personnel choose not to adhere to the firm's policies, most will agree that the firm should not implement it, so it is critical to get them onboard in the beginning.
Creating and implementing an email retention policy is not an easy process as evidenced by how few firms actually have one in place but if the firm works with the right providers, it can be done and it is usually less expensive before receiving a subpoena from an attorney.
Roman H. Kepczyk, CPA.CITP is Director of Consulting for Xcentric, LLC. and works exclusively with accounting firms to implement today’s leading best practices and technologies. Roman is also author of “Quantum of Paperless: A Partner’s Guide to Accounting Firm Optimization” which is available at Amazon.com