Caroline Morgan featured in CSO article on best and worst record retention practices

Caroline Morgan featured in CSO article on best and worst record retention practices

Culhane Meadows’ New York partner Caroline Morgan was recently interviewed for an article by CSO about record retention do’s and don’ts.

Here are a few excerpts from the article:

While sports records are made to be broken, enterprise records are made to be retained—at least until they’ve outlived their usefulness. As regulatory mandates rapidly multiply, enterprises are facing a document tsunami, as current and outdated records begin overwhelming the human and IT resources necessary to securely store, track, manage and eventually destroy them.

Each records class has a retention period that’s defined by a combination of corporate policy, business risk tolerance, external legal advice, regulatory requirements and legal obligations, says Sean Riley, a principal at Deloitte Risk and Financial Advisory. “Some records only need to be kept for three years, others may need to be kept indefinitely for business value or legal reasons,” he notes.

Records retention is really all about records destruction, says Dan Frank, also a principal at Deloitte Risk and Financial Advisory. “Most organizations are very good—too good—at retaining data,” he says. “The CISO’s primary responsibility is to ensure that the organization has secure data and records destruction capabilities, as well as corresponding technologies that securely delete data and records when appropriate.” Preserving obsolete records can lead to wasted time and needless confusion as researchers find themselves plowing through outdated files as they search for the records they actually need. Failing to properly curate records also drives up storage and backup costs.

The regulatory landscape is constantly changing and CISOs need to be prepared to quickly adjust record retention periods whenever regulatory or legal changes demand a change. Failing to act promptly can lead to serious financial and litigation consequences when still-needed records are automatically purged via inaction. It’s important to maintain tight oversight on retention periods, advises Caroline Morgan, a partner in the New York offices of national law firm Culhane Meadows. “You have to find your records retention sweet spot,” she adds.

Morgan also urges CISOs to monitor exactly how management and staff are accessing and handling records. Keep your ear to the ground,” she says. “No matter how perfect a record retention policy is on paper, if people don’t comply with it, it’s useless.”

To view the article, click HERE.


About Culhane MeadowsBig Law for the New Economy®
The largest woman-owned national full-service business law firm in the U.S., Culhane Meadows fields over 70 partners in ten major markets across the country. Uniquely structured, the firm’s Disruptive Law® business model gives attorneys greater work-life flexibility while delivering outstanding, partner-level legal services to major corporations and emerging companies across industry sectors more efficiently and cost-effectively than conventional law firms. Clients enjoy exceptional and highly-efficient legal services provided exclusively by partner-level attorneys with significant experience and training from large law firms or in-house legal departments of respected corporations. U.S. News & World Report has named Culhane Meadows among the country’s “Best Law Firms” in its 2014 through 2020 rankings and many of the firm’s partners are regularly recognized in Chambers, Super Lawyers, Best Lawyers and Martindale-Hubbell Peer Reviews.


The foregoing content is for informational purposes only and should not be relied upon as legal advice. Federal, state, and local laws can change rapidly and, therefore, this content may become obsolete or outdated. Please consult with an attorney of your choice to ensure you obtain the most current and accurate counsel about your particular situation.