Risky Business
Risky Business
Australian legal experts are calling for organisations to be more aware of their electronic document and records management systems so that they can avoid falling foul of a plethora of legal Acts that could easily catch them out for being non-compliant. Rodney Appleyard reports on why this need to keep track of every document and email is increasing all the time, and how organisations can make sure they are better equipped to avoid being caught out in court
Nick Abrahams, a lawyer and partner for Deacon’s Law firm, claims that many organisations assume that IT can take care of all of the electronic records and documents. He believes that this misconception has been fuelled by the media reporting that anything wiped out can be found again. He believes that life is much more complicated than this in the technology sector.
“There are laws out there that specifically oblige organisations to retain records over a particular period of time. So we don’t have one law that dictates that all records should be retained for seven years, or anything like that, but there are many statutes, mainly that relate to tax. We are blessed with a lot of taxes here in Australia and each one has obligations around retaining records and verification of the details kept on file. Therefore, if you don’t keep those records and the organisation is queried over these records, then each company will have a difficult time answering the tax auditor when he/she comes around. For example, the Corporation tax includes obligations that demand that certain types of records should be retained for seven years.”
Abrahams says that people not only have to keep these records, but they also have to deliver them on request. The trouble, he believes, is that organisations do not know how to find these important documents with ease.
“In addition, there are variations of the WorkPlace Relations Act, the Industrial Relations Act, the Long Service Leave Act, and the Workers Compensation’s Act and they all contain varying years of record retention. There is also the Privacy Act, which dictates that organisations are only obliged to retain records, or personal information, for the purpose of running the business. This involves an obligation to destroy personal information that is not required. This means that organisations should be culling this irrelevant information at regular intervals. Gone are the days when you could keep everything. There needs to be a sensible approach towards what is retained and what is not retained.”
He admits that it is difficult for the average organisation to focus its time and energy into thinking about all of these different Acts and their requirements. But his advice to them is to do all they can to avoid litigation.
“In my experience, if you have got a dispute which looks like it could potentially go to litigation, if you can come back with an overwhelming amount of evidence that supports your side of events, then you are likely to win the dispute without the need for litigation, because the other side will look at what you come with and think: ‘Well, they’ve got a really good case, they’ve got all their stuff together. Are we prepared to go at them?’ There tends to be a lot of posturing before going to court. So if you’ve got quality evidence that will be very powerful at assisting you to settle a dispute.”
However, if you do get into litigation, Abrahams believes that the integrity of the storage systems will be tested to ensure that the information presented is an accurate copy of the original. In addition, the concept of discovery is essential. Each side has to make documents available by a certain date. If either side does not meet that deadline, the court will take a very dim view of this.
He also points out one more core area that needs careful care and consideration. “In New South Wales, we have got the NSW WorkPlace Surveillance Act. This basically means that employers cannot monitor emails unless they have a policy in place which means that the employee has been notified that his/her emails are being watched. Organisations need to start getting ready for this Act, otherwise, if the policy is not in place, and you suspect an employee is engaged with fraud, you won’t be able to do any email monitoring, unless you give that person 14 days notice that you are going to monitor his/her emails.
“Also, with sexual harassment, it would be helpful if employers were checking on emails and keeping backup copies to protect these cases.”
Despite these pitfalls, Abrahams believes that Australian organisations are becoming more aware of the need to ensure these protections, although more people should consider these issues and structure policies accordingly.
“I think these organisations need to understand the obligations that they have on them in terms of statutory obligations, and then an audit needs to be made about where they fall within their risk profile under each of these aspects. In relation to tax Acts, the CFO might think he’s got this under control but there needs to be analysis done of where the risk lies within the organisation and then a call needs to be made as to how the organisation is going to approach electronic records management, especially in relation to email. This might include storing or monitoring emails. They will need a fixed policy in place in NSW quickly, otherwise organisations will find themselves in a difficult situation.”
Benjamin Wooley, vice president of sales and marketing at Redmap - a company that specialises in capturing, managing and protect email and other electronic documents, backs up Abrahams' claims. He believes that organisations have no choice but to second guess what might happen over the next 12 months. “More responsibility needs to be focused at the filing clerk. Every single piece of information needs to be carefully managed. This is why our solution is so useful. Our system allows users to take a copy of every single email message in the organisation, and store this information by author, date or content, for example. We can restore entire Inbox’s that have been lost or deleted.
“People have made a shift away from sending letters, but they have got to understand that writing an email now is just like sending a letter. People used to take copies of letters for legal reason, but they don’t understand that this is also what you have got to do with emails now too. Directors have to get IT savvy and wake up to the reality that they have to backup all their emails for legal reasons.”
Queensland Racing is one example of an organisation that used Redmap’s solution to gain control over its email management problems. This organisation controls the licensing of all participants in the horse racing industry, including jockeys, trainers, and stable hands, as well as the development and capital works of racetracks across the state.
It faced the problem of having to retain up to 30 years worth of documents because the race industry is governed by a range of state and federal legislation. It has over 4,000 licences currently issued to trainers, jockeys, track work riders and stable hands - all of which need to be renewed yearly, which means that it has a vast amount of information every month that needs to be filed, stored and frequently accessed.
As a result, these documents and emails were very difficult to retrieve, due to the lack of a central repository for emails. So the organisation decided to use Redmap’s ManagePoint to file and archive its mass of paper and email files. This involved an outsourced scanning bureau being contracted to scan dozens of boxes of archived files dating back more than 10 years. These were transferred to DVD and then loaded into ManagePoint.
CaptureMail was then integrated to improve email retention. This system copies and indexes every email that is sent or received, to ensure the management that it is a simple process to find any email in the future. David Rowan, Queensland Racing’s IT manager, explains the difference it has made to the organisation.
“Accessing the emails from more than three months ago was virtually impossible. It took days to sift through. .PST files that were restored, and find the relevant email. If only we had CaptureMail back then, finding an email based on certain criteria or by content would have been a lot more user friendly.”
Once directors of companies can get to grips with the idea of treating emails like they used to treat paper and put systems in place that enables users to retrieve information easily, Abrahams' frustrations and concerns for Australian organisations falling foul of the law may begin to dissipate.
Comment on this story
Related Article: