Ensuring that one preserves the documents required by the full panoply of laws and regulations requires establishing an internal compliance process. Having such a program in place exhibits a good faith effort to comply with the regulations and can result in lower discovery sanctions or criminal penalties in the event that certain required documents are not available during a civil, regulatory or criminal proceeding.

On April 30, the United States Sentencing Commission sent Congress a set of changes to the federal sentencing guidelines. Unless Congress disapproves, these new guidelines will take effect on November 1, 2004. These guidelines delineate what is considered an effective compliance program, in particular taking into account the requirement of Sarbanes-Oxley.

"After studying the issues for two years and reviewing the 'best practices' of corporate America, the Commission believes this proposal will result in better and more thorough corporate compliance efforts," said Commissioner Michael E. Horowitz.

The guidelines detail seven elements that a compliance and ethics program must minimally include:

(1) The organization shall establish standards and procedures to prevent and detect criminal conduct.

(2) (A) The organization's governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.

(B) High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.

(C) Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.

(3) The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.

(4) (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals' respective roles and responsibilities.

(B) The individuals referred to in subdivision (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization's employees, and, as appropriate, the organization's agents.

5) The organization shall take reasonable steps- (A) to ensure that the organization's compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct; (B) to evaluate periodically the effectiveness of the organization's compliance and ethics program; and (C) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization's employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.

(6) The organization's compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.

(7) After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization's compliance and ethics program.

For the complete text of the proposed guidelines go to http://www.ussc.gov/2004guid/2004cong.pdf.

Hidden Data  (a brief article in this same Newsletter)

In 2002 we issued a warning about what can happen when a party releases Microsoft Word documents to the opposition without taking certain precautions. An instance of that made the news in March when the Lindon, Utah-based software firm The SCO Group, Inc. filed a complaint against Daimler Chrysler regarding its use of Linux software.

Examining the "hidden text" in the complaint revealed that it was originally prepared for filing against Bank of America, and included allegations against the bank and other parties that did not appear in the final version. In addition, the document contained notes and questions written by someone who had prepared or reviewed the document.

For further information on this problem and how to avoid it, please see the earlier article Protecting Confidential Data When Using Microsoft Word on our website at www.depo.com/wordsecure.htm. If you are using Windows XP together with the 2002 or 2003 versions of Word, Excel or PowerPoint, Microsoft also has a Remove Hidden Data tool available for free download.