Here's an article from my good friend and mentor, Robert Brownstone of Fenwick & West, and two other attorneys from his firm.
Ignore Sarbanes-Oxley at Your Peril
"Years after passage of the Sarbanes-Oxley Act of 2002, many companies still believe the act applies uniquely to public companies. In fact, private companies that ignore the act's obstruction-of-justice provisions do so at their peril. Two increasingly important provisions of Sarbanes-Oxley were set forth in §§ 802 and 1102 and codified, respectively, at 18 U.S.C. 1519 and 18 U.S.C. 1512(c). These provisions impose substantial criminal penalties on any individual or entity -- public or private -- for destruction of evidence or obstruction of justice regarding any actual or "contemplated" federal investigation, matter or official proceeding. A company therefore potentially could violate the law before an actual official governmental interest arises.
Thus, it is critical for every entity to ensure that its records-retention policy includes appropriate triggers -- called "litigation holds" -- to suspend the routine deletion of information for situations contemplated by §§ 802 and 1102. There is, however, an elephant in the room -- a "compliance gap" challenge that is of particular concern not only to quasi-governmental organizations but also to companies in heavily regulated industries facing routine government scrutiny. Those companies could find that an overbroad policy theoretically encompasses nearly all of their day-to-day work. Accordingly, those companies, even more than most, must balance the need for a practical records-retention policy with the need to comply with Sarbanes-Oxley's mandates."
