It is not just pieces of paper but even seemingly robust corporate reputations that can be shredded when organisations go in for ill-considered destruction of electronic documents

In May 2002, brokers at several prestigious Wall Street firms had their good names trashed by the US media when they were discovered to have trashed their own deal-related e-mail messages the law required them to retain for at least two years. In a stunning example of self-inflicted collateral damage, the firms, where brokers typically earn seven figure bonuses, each argued in the New York Times that keeping e-mail messages was too expensive.

Two months earlier, on this side of the Pacific, British American Tobacco and Clayton Utz had won themselves reams of bad publicity after Justice Geoffrey Eames of the Supreme Court of Victoria found both had subverted the process of discovery in the case of McCabe vs British American Tobacco Australia Services Limited (BATAS). Justice Eames concluded BATAS had developed a document retention policy for the primary purpose of destroying material that would be harmful to it in the defence of any litigation, with the deliberate intention of denying a fair trial to the litigants. He found some of Clayton Utz's senior partners had worked with an army of litigation lawyers to implement the policy of document destruction.

While the Court of Appeal disagreed, finding insufficient evidence to prove either BATAS or Clayton Utz had systematically destroyed documents, this decision itself may yet be overturned by the High Court. Either way, the stink of poor publicity seems destined to hang around.

Now lawyers are warning businesses that rely overly much on the Delete button and industrial-sized paper shredders to cover corporate embarrassments to rethink their practices. And so CIOs, as the custodians of all corporate data, need to ask themselves whether they might not in future be made the scapegoat when corporations get into trouble over the inappropriate destruction - or retention, for that matter - of data.

"With the electronic evidence explosion, both technology people and attorneys as well as executive managers are really being faced with a bunch of new problems, and on the forefront of those problems is dealing with electronic evidence and document retention," says Michele Lange, a staff attorney with US electronic evidence services group Kroll Ontrack.

Not on the Radar

Electronic document destruction and retention has sat somewhere below the radar for most CIOs until recently, but events in the courts have given them some very good reasons to pay it much closer attention. Where once they struggled, courts have showed considerable sophistication over the past couple of years in dealing with electronic documents, and lawyers routinely issue subpoenas for files on servers and backup tapes in the course of legal disputes. Heaven help the corporate reputation of any organisation unable to comply with such demands from courts or regulators because required documents have been destroyed.

Regulators are getting more involved too. Among the new rules issued by the US Securities and Exchange Commission (SEC) to enforce the Sarbanes-Oxley Act, which comes into force on October 31, is one requiring auditing firms to retain every document that influences its report about a client for at least seven years, in case they are needed for an investigation. Lawyers in the US are advising the rules mean every public company and some private ones will need to start keeping these records too if they wish to avoid liability in some unforeseen investigation. Lawyers in Australia warn any companies dealing multinationally may be swept up in the demands.

"I think that from the Sarbanes-Oxley standpoint [document management] is a huge issue. It's happening today and I think that one cost is that executives go to gaol, and companies are being fined massive amounts," says Surety CEO Tom Klaff. "There's a huge hard and soft dollar cost associated with tampering with records and deleting the records and shredding. And in the Wall Street Journal we're seeing every day instances where this is happening, and it's probably happening more than we know because these are only the high-profile cases."

Klaff says CIOs, CFOs, CEOs and general counsels are all liable, but particularly the CEO and CFO who signs their names to the filing of financial statements. "The issue is that as a CFO or CEO you're signing your name that you attest to the validity of the statement, even though you've never met the thousands of employees who are responsible for the sales contracts and all the ancillary data that comprises those reports. So it needs a fig leaf of faith and a fig leaf of trust," he says.