When IT executives end up in court, they are often surprised to find it's not enough to have tried to act ethically. What else do you need to do?

Whether or not this is formally acknowledged, the IT department is the centre of record-keeping in an organisation.

As a result, the work of IT directors is critical to any lawsuit. Whether an organisation faces an unfair dismissal claim, a theft of intellectual property or something other legal problem, organisations must demonstrate that they have complied with legal requirements for storage of information.

Unfortunately, this often teaches the IT department a nasty lesson about its legal responsibilities.

As a broad summary, an IT department must not only reactively store records. It must also make a proactive attempt to keep records that may not naturally fall within IT's ambit.

What's the difference? Most IT directors know they must be able to access emails to supply to a court on request. But did you realise that you may also be required to produce a backup copy of emails that have been deleted?

If you do, you might as well let them be "shredded".

That creates a bad impression of your company in court.

So as you must keep tax records and the like for at least six years, a similar timeframe is suggested for backups of key information, particularly financials, dealings with suppliers and customers, and email.

Taken from ITRM