Introduction

Following a thoughtful Records and Information Management (“RIM”) program is an important mandate for any company, applicable from the point of corporate inception throughout the organizational evolution, including during mergers, acquisitions, divestitures and potential dissolution (collectively, “reorganization”). As recognized in a pair of recent sanctions decisions out of the Federal Circuit, the purpose of this “good housekeeping” practice is to simply limit the volume of files and retain only that which is of continuing value.i It is a costly mistake to remain ignorant of both the efficiencies to be gained, and the risks to be avoided, by paying proper attention to your RIM program, especially during a corporate reorganization.

While a successful, defensible RIM program takes into consideration cultural aspects of the organization it governs, certain key elements should always be present. Key components include:  

  • Documentation and training related to the company’s record retention policies, e-mail policies, social networking policies, operational procedures and departmental schedules.  
  • Lifecycle management policies and procedures addressing, among other things, information governance, preservation and the secure disposition of data.  
  • ‘Best practices’ that cover operational efficiencies such as an annual review of off-site storage vendor contracts, regular audits of technology functionality, and backup media rotation and disposition cycles that ensure that these media are not over-retained and are used solely for disaster recovery purposes. (This is an area particularly ripe for scrutiny during due diligence efforts in the event of reorganization.)  

This alert offers advice on how to steer clear of common pitfalls during a corporate reorganization and provides tips on how to navigate the process to maximize the value of your information while preparing for a post-reorganization world.  

Create a RIM Program

It is never too late or too early to implement a RIM program. The resources you spend on its design and deployment will be quickly eclipsed by the benefits you reap if done properly. The measure of a successful RIM program is its ability to be operationalized at a cost proportional to the risk it seeks to minimize, while supporting your business with minimum disruption and improved efficiency. Indicators of a well-designed RIM program include a “yes” answer to the following questions:

  • Is the over-arching policy accessible and easy to understand by the affected employees?  
  • Were retention schedules devised in a manner to balance risk against cost?  
  • Is the program simple enough to be easily implemented and audited?  
  • Is record disposition handled in the ordinary course of business, automated where possible and deployed in a secure manner so as to meet privacy and other regulatory requirements?  

Identifying Challenges

The list below identifies some of the more common challenges encountered by organizations during reorganization or dissolution and offers some advice on how to address them:  

  • Time constraints. Quickly mobilizing to facilitate a due diligence exercise involves a significant amount of coordination and a reliable communications network. Identify one or two records-savvy managers (in the IT and/or records department(s), ideally) to be responsible for the project and make one of them the single point of contact for the due diligence team. A preexisting RIM program that anticipates a due diligence scenario significantly increases the efficiency of the exercise.  
  • Not always a records person “on the other end.” It is helpful to have dedicated records personnel on both sides of the deal, but that is often not the case. Creativity in finding knowledgeable contacts may be necessary to get the information you need. This is especially important as you formulate a plan to minimize business disruption during the integration of the records and IT systems.  
  • International concerns. If foreign offices play a role in the deal, there may be privacy law issues related to any foreign data sought during the due diligence exercise. Consult your privacy officer or outside counsel to flag potential issues prior to commencing due diligence. Post-reorganization companies may need specific contracts to facilitate records transfers between domestic and international offices.ii  
  • Ownership and access to records. Most information is “owned” by various groups within the business. Overcoming security and privacy concerns during the integration of records and IT systems requires knowledge of the corporate culture and an understanding of applicable legislative and regulatory requirements. Involve the respective Chief Information Officers or other technology managers early in the process.  
  • Electronic documents. There are no common IT standards with respect to computers, servers, e-mail systems, office suites, backup systems and other software. Documents can exist in multiple formats and on a variety of systems. Media and format obsolescence should be addressed, as some data may become difficult to read and use in the future. If you anticipate tensions between merging departments, consider hiring an independent consultant to provide an outsider’s perspective on the best approach to post-reorganization records management.  
  • Data disposition. Old data is expensive to maintain and can be a liability to either or both of the parties to a deal. As your company goes through reorganization and is taking stock of its data inventories, it may be a convenient time to dispose of unnecessary backup tapes and legacy data.iii  
  • Retention schedules. Anticipate competing records-retention policies and schedules. It is important to decide whether to merge programs, continue to have separate practices or to start with an entirely new program. Counsel can help you devise and implement a program appropriate for the reorganized entity.  
  • Reduction in resources. After the deal is done, finding the right personnel to answer questions related to records and technology can be difficult. Address this challenge early. While a transition team is essential, identify a contact person who will be available when unanticipated questions arise later, especially in the context of litigation. Consider executing a retainer or consulting agreement with key personnel before they leave the company.
  • Pending or active litigation. When designing a RIM program your company must factor in the impact of retention mandates on current and future litigation. Though courts understand that “most document retention policies are adopted with benign business purposes, reflecting the fact that ‘litigation is an ever-present possibility in American life,’”iv there will be severe consequences for the party whose policies are designed explicitly to further a company’s “litigation strategy by frustrating the fact-finding efforts of parties adverse to [it].”v The most defensible retention policies are those that enable “the destruction of documents on a regular schedule. . .and are motivated by general business needs, which may include a general concern for the possibility of litigation.”vi  

Due Diligence

Cindy Warner, of PricewaterhouseCoopers’ CIO Advisory Services group, observes that “[r]ecords management and IT have frequently been step-children to the due diligence process but are major contributors to the ultimate success or failure of those endeavors. Valuations are key and records and information management plays a critical role in determining how effectively the merged organization is able to integrate information and skills.”  

A thoughtful RIM program will help you prepare for a productive due diligence exercise and will also help you identify and preserve relevant information created as a result.vii

RIM program protocols should include instructions relating to:

  • the review of the entities’ respective records-retention schedules;  
  • access to any off-site storage vendor facilities or hosted applications;  
  • identification of any password-protected or encrypted data; and  
  • the migration and integration processes for electronic documents and other data.  

Include a checklist of the following tasks as part of your RIM program materials:  

  • Establish a formal relationship between RIM program facilitators and the M&A due diligence teams.  
  • Set up communications methods between RIM program facilitators and M&A due diligence teams, and between RIM program facilitators on both sides of the deal.  
  • Get a list of records each party will produce. (A list may be found in the acquisition or merger agreement or other business documentation.)  
  • Address treatment of privileged and confidential documents,viii as well as any statutory bases of privacy (e.g., HIPPA, GLBA) that may apply.  
  • Create a decision process to determine internal RIM authority after organizational changes.  
  • Check the date of the last records inventory. If it was more than a year ago, determine whether the inventory needs to be updated.  
  • Consider any regulatory obligations related to the records at issue in this deal.  
  • Identify any records currently subject to litigation-related preservation notices. Are those records among the assets to be transferred? Are those transferred record sets complete with respect to the identified preservation obligation?

Preservation Considerations

Preserving information potentially relevant to an actual or anticipated lawsuit can be challenging when your company is reorganizing. In order to avoid costly motions practice and possible sanctions,ix consider the following:

  • All parties to the deal should identify the information that needs to be preserved in response to active litigation holds, as well as preservation obligations resulting from “reasonably anticipated” litigation.x The parent company divesting itself of businesses must be especially sensitive to its preservation obligations to current plaintiffs.xi  
  • “Reasonably anticipated litigation” includes potential litigation resulting directly from the present deal negotiations. Companies must prepare for a conflict between parties to the (failed or realized) reorganization.xii  
  • Parties to the deal must also address the question of who bears the responsibility of post-reorganization preservation efforts for actions brought by a third party (e.g., shareholders), including who will draft and update any required preservation notices and notice reminders.xiii If you assume liability with respect to certain lawsuits, your preservation obligations may extend to documents beyond those normally obtained by an acquiring company,xiv possibly including information located on IT systems owned by the parent company of the acquired entityxv or information located in directors’ home computers and personal e-mail accounts.  
  • Understand that you may need to reach out to individuals outside of the records or IT departments for information on relevant records. Human Resources, Finance and Accounting are typically other key document custodians.  
  • Implement a plan to maintain communication between the reorganized entities should there be any questions regarding any adopted hardware systems, software applications or electronic information that may become relevant to litigation.xvi If personnel is reduced as a result of the reorganization, confirm that there is a knowledgeable and accessible contact who can assist the enduring IT department with any questions during the transition period.  
  • If all relevant electronically stored information will not be transferred to the acquiring company, that company should consider seeking an agreement from the organization retaining the information stating that it will preserve all relevant information in response to a third party preservation notice.  
  • Even if a company shuts down completely, there are records that may still have to be preserved. This requirement can arise as the result of applicable legislation (e.g., EPA documents and tax records)xvii or because the company anticipates litigation post-dissolution or divestiture. There must be a sustainable plan for maintaining these records so that they are accessible.xviii Consider creating an authoritative database for the storage and cataloging of these records.  
  • Document RIM-related decisions to create a record that will support the defensibility of your post-reorganization program.  

Conclusion

A reorganization—be it through a merger, acquisition or divestiture—exposes the parties to the deal to risks related to the deal itself, risks associated with litigation that may result therefrom, and risks associated with litigation brought by third parties before and after the deal is abandoned or completed. A thoughtful RIM program may reduce your exposure to these risks by arming you with complete information, facilitating a strategic integration process and providing documentation to support the defensibility of preservation decisions.