Consistent with our legal requirements and sound business practices, it is the policy of IntelePeer Cloud Communications LLC (“IntelePeer”) to retain and manage its business, financial, personnel and other Records (as defined in 6.0) in accordance with uniform guidelines, practices, and procedures. This Policy applies to all Records generated, maintained or received by IntelePeer in the ordinary course of business that have a specific business or legal purpose.
IntelePeer’s Records are important assets of IntelePeer and should be treated accordingly. Also the law may require that IntelePeer maintain certain types of Records, usually for a specified period of time. It is the intent of this Policy to insure that all Records necessary for business, legal and compliance purposes will be retained for a period of time (as set forth in Exhibit A – Retention Schedule) that will reasonably assure their availability when needed, but for no period of time longer than reasonably or legally necessary. Retention of the Records for the applicable minimum periods pursuant to this Policy can:
- Ensure that Records are accessible and available when needed;
- Reduce costs of storage and maintenance;
- Assist with the orderly operation of IntelePeer;
- Enhance security, uniformity and confidentiality;
- Protect Personnel and IntelePeer from penalties, fines or the loss of rights; and
- Advantage Personnel and IntelePeer in litigation by avoiding claims of obstruction of justice, spoilage of potential evidence, or of contempt of court.
For these reasons, IntelePeer expects all Personnel to fully comply with this Policy and its published records retention or destruction policies and schedules.
Legal, as the custodian of this Policy, will manage, supervise and direct departmental treatment of IntelePeer’s Records. Legal will be responsible for implementing the Policy, and will designate individuals in each department responsible for all day-to-day implementation of this Policy, under the supervision of Legal. However, all Personnel have responsibility for the administration of this Policy, based on each individual’s position, including without limitation the following tasks:
- Protecting the security and confidentiality of Records within their possession, custody or control in accordance with this Policy.
- Destroying Records only as required by this Policy, and preserving Records that are then-currently subject to a Legal Hold (set forth in Appendix B) or other exception (such as a contractual requirement), because the Policy is not intended to facilitate destruction of Records in violation of ethical or legal obligations, or to destroy evidence relating to litigation, audits or investigations.
- Applying this Policy to Records on personal computers and mobile devices, whether or not provided by IntelePeer, and to email Records, including any Records in personal or non-IntelePeer e-mail accounts.
- Participating in periodic reviews of Records, and audits to verify compliance with the requirements of this Policy.
- Seeking guidance from Legal (at firstname.lastname@example.org) with respect to any questions or uncertainties relating to the implementation of this Policy.
Compliance is mandatory and failure to follow these procedures may result in discipline up to and including termination. Because proper training is critical to facilitate a proper understanding of the Policy as well as ensure compliance, training on this Policy will be available to all Personnel.
Exceptions to this Policy may be granted by Legal if adequate cause exists and such exception is documented in writing. In the event of any question about this Policy, Personnel should consult with their supervisor and then Legal as necessary. If you have questions about configuring a technical solution to implement this Policy (such as creating email PST folders or securing your personal devices), please contact our IT Help Desk at email@example.com.
4.1 Identification of Records
4.1.1 Forms and Locations: Records may be found in many different forms and locations, some obvious, some not. Records are subject to this policy regardless of their medium, including without limitation electronic and hard copy versions. Electronic Records include without limitation hard drives, flash drives, CD’s and floppy discs, camera disks, mobile devices, printers, voicemails, laptops, phone messaging systems, cloud-based systems or sites (wiki), etc. Hard copy Records include without limitation paper documents, photographs, videos, files, etc. as well as certain tangible physical objects (like equipment or systems) created, received or maintained by IntelePeer.
4.1.2 Ownership: All Records created, maintained or received by IntelePeer are the property of IntelePeer and will be administered according to the policies and procedures set forth in this Policy. All Records pertaining to IntelePeer, which were created, received by or are maintained by IntelePeer and/or any Personnel, agents or contractors while acting within the course and scope of their employment, contractual or agency relationship, are subject to the requirements of this Policy whether such Records are located on IntelePeer property or elsewhere. In furtherance of this Policy (and in conjunction with any applicable Corporate Security Policies), IntelePeer also reserves the right, without notice, to inspect, copy, remove, or delete any Records located on its electronic communications systems, including without limitation instant messaging, email, voicemail or Microsoft Lync (or comparable unified communications solution).
4.2 Plan for Retention
All Personnel will retain Records pursuant to the current Retention Schedule attached as Appendix A. The Retention Schedule outlines the specific the period for which a Record must be preserved in accordance with this Policy, and after which a Record should be destroyed, in the absence of an applicable Legal Hold or other exception (“Retention Period”). If more than one category applies to a particular Record, then such Record should be retained for the longest Retention Period that the Retention Schedule specifies for the categories that apply to such Record.
Personnel are expected to use their independent and reasonable judgment to determine whether a particular document falls within one of the categories of retained Records listed in the Retention Schedule. Determinations regarding the treatment of any Records not identified specifically or by category in the Retention Schedule should be made primarily by the application of the general guidelines outlined in this Policy, as well as any other pertinent factors or exceptions that may exist. Upon identification of such a Record, all Personnel should also: (i) resolve any uncertainty in favor of retention of the Record; (ii) report the Record or category to their supervisor and Legal (at firstname.lastname@example.org) immediately; and (iii) await further instructions from Legal before destroying the Record.
4.3 Storage of Records
For those Records that are retained, departments should attempt to maintain a storage mechanism (such as a central filing system or a secure server), which ensures those Records are secure but also easily identifiable, classified, searchable and accessible. For example, when you determine that an email message is an official Record (and not a duplicate Record), please save the message (and any attachments) down to an appropriate long-term PST folder on an IntelePeer file server or the hard drive of your computer (within the backup path), in order to prevent automatic deletion and preserve the Record in accordance with the Retention Schedule.
Any Records stored offsite should be identified by category and location on a log kept on-site. To the extent use of Records on any personal devices, such as mobile devices, personal hard drive, personal computers, flash/thumb drives or other collateral locations, is required to perform a job function, Personnel must remove any Records from such devices upon completion of the task after such Records are stored in their appropriate location. All Records should be marked appropriately to facilitate proper retention and destruction in accordance with this Policy.
Once a final version of the Record has been created, departments should store the single copy of retained Records rather than maintaining several copies in various Personnel offices or on personal hard drives or electronic media. Any drafts or duplicates generally should not be retained, except pursuant to the Retention Schedule, or if the drafts or duplicates might be relevant to interpreting or understanding the resulting final Record in the reasonable judgment of Personnel in possession of the draft or duplicate. When determining whether retention of additional copies of that Record is necessary, Personnel should consider whether they are an official source for a particular Record and discuss any determinations with their supervisor and peers.
4.4 Destruction or Deletion of Records
No Record will be destroyed except in accordance with this Policy. Records are eligible for destruction when their Retention Periods specified in the Retention Schedule have expired; provided that all audit requirements have been satisfied, and there are no pending data requests, current Legal Holds or reasonably foreseeable investigation, audit, or litigation involving the Records. Personnel must complete the destruction when reasonably practicable following the expiration of the Retention Period.
The mode of destruction must retain the confidentiality and security of the Records and render them no longer recognizable as Records. Destruction methods should be used that provide that the Records are not capable of being reconstructed, including a shredder or secure shredding services available in our offices. Any permissible backup, draft and duplicate of the Record will also be destroyed contemporaneously with the original.
Records not subject to a Retention Period in the Retention Schedule, such as routine correspondence or notes with no further use or historical value, will not be kept longer than one (1) year. Similarly, on a periodic basis, Personnel must delete any e-mail messages (and attachments) that are no longer reasonably needed for business or legal purposes, unless such message or attachments are Records which such individual believes should be covered by a Retention Period. Any emails or attachments identified as a Record should be saved down to a PST folder on the hard drive of the computer and retained in accordance with the Retention Schedule. All remaining emails should be deleted pursuant to this Policy. In turn, IntelePeer will configure its email servers to automatically delete any emails older than one (1) year and not saved down to a PST folder. Although automatic deletion of aged emails will normally be suspended as necessary for a Legal Hold or other exception, Personnel should preserve any email covered by a Legal Hold by saving such email to an appropriately identified PST folder.
This policy will be enforced by the IT Manager and/or Executive Team. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of company property (physical or intellectual) are suspected, the company may report such activities to the applicable authorities.
IntelePeer will periodically review this Policy to audit compliance and identify any legal or business requirements warranting amendment. IntelePeer may at any time modify, waive, or revoke any portion of this Policy. If the Retention Schedule should be supplemented or modified due to additions or changes to Records or associated requirements, Personnel should notify Legal immediately. All substantive amendments will be in writing, approved by Legal, and effective after any necessary notifications and trainings.
Records – All forms of paper, file, information, document, data, physical object, recording, or picture which is relevant to the business of IntelePeer and created, maintained, used or retained by Personnel while acting within the course and scope of his or her employment or agency by any means. Examples of a Record include without limitation any computer files, email, handwriting, typewriting, printing, photographing, audio or video recording, photocopy, facsimile, business record, database, and any form of communication or representation, including letters, words, pictures, sounds or symbols or combinations, which relate to IntelePeer’s organization, legal obligations, functions, policies, research, decisions, procedures, operations, sales, designs, financial information, human resources information and other activities and procedures. Records may be created, maintained, or received by any of IntelePeer’s Personnel, offices, departments, laboratories, datacenters, worksites, offsite or “cloud” storage sites, and/or centers that pertain to IntelePeer business. Records may also be found on or in computers, servers, Employee’s personal (home) computers, Employee’s homes, mobile devices, cameras, sound recording equipment, voicemails, television equipment, copiers and printers, the internet and a plethora of other not-so obvious locations.
7.0 Revision History
Revision 1.0, 5/11/2011
Revision 1.1, 8/6/14
Revision 1.1, 2/23/16
Appendix A – Retention Schedule
Unless identified as a Record that requires Permanent retention, the Retention Period outlined below will refer to the number of years a Record must be kept after the year of its last usage, which, depending on the nature of the Record, could mean when the Record expires, is terminated, or is no longer actively in use. For any Records relating to customers or vendors, the Retention Period begins upon termination or expiration of all applicable service agreements. For any Records relating to employees, the Retention Period begins upon termination of the employment. For any Records relating to products, the Retention Period begins at the end of life of the product.
Appendix B – Legal Hold Process
A Legal Hold (also commonly referred to as a Litigation Hold) is an instruction issued by a IntelePeer officer, Legal, or a member or designee (such as IntelePeer’s outside lawyers) of Legal describing Records that, notwithstanding any other provision of this Policy, are to be retained and preserved and not destroyed or altered in the interest of legal compliance. A Legal Hold requires preservation of appropriate Records under special circumstances, such as litigation, government investigations, audits or consent decrees. Failure to follow the Legal Hold policies will result in discipline, up to and including termination.
The Retention Periods established by this Policy are subject to extension and the destruction procedures are subject to suspension due to imminent, reasonably likely or pending litigation or government investigation or audit. Litigation or governmental investigation is considered “pending” when filed in or by any court or other governmental body. Litigation or an investigation is “imminent” when IntelePeer has been advised by another party that such action will be initiated in the near future. Litigation or an investigation is “reasonably likely” when IntelePeer has reason to believe, based upon known facts, that (i) another party is preparing, reasonably likely to prepare or seriously considering initiating such action; or (ii) IntelePeer is likely to initiate litigation.
Personnel who have reason to believe that litigation or investigation is pending, imminent or reasonably likely must notify Legal (at email@example.com) immediately and preserve until instructed otherwise any Records related to the matter, whether the document tends to prove or refute the merits of the claim or charge. Personnel should err on the side of caution with regard to any pending, imminent or reasonably likely litigation or investigation until directed otherwise by Legal.
When litigation or an investigation is pending, imminent, or reasonably likely, Legal will issue a Legal Hold to preserve all relevant Records, which means all destruction procedures relating to such Record(s) shall be immediately suspended until Legal has communicated to Personnel that the matter is finally resolved. Legal, with the assistance of Personnel, will determine and identify what Records are required to be placed under a Legal Hold for a particular matter. Legal or designated outside counsel will notify responsible IntelePeer Personnel if a Legal Hold is placed on Records for which such Personnel are responsible or have in their possession, custody or control. Such notification will include a memorandum explaining to Personnel the nature of the event triggering the Legal Hold, the Records covered by the Legal Hold and necessary instructions.
Personnel so notified will locate and preserve all the applicable Records relevant to the Legal Hold. Preservation of a Record includes not only preservation of the Record itself, but also of any data that may be contained (or hidden) therein such as “metadata” and the like. If there are questions as to whether a particular Record is relevant to a Legal Hold, Personnel will protect the Record and consult with Legal (at firstname.lastname@example.org).
Any Legal Hold remains effective until released in writing by Legal. Once released, the affected Records will be subject to the handling procedures of this Policy and to the relevant provisions of the Retention Schedule, including being destroyed if necessary under the Policy or returned to the prior location if relocated as a result of the Legal Hold.