With some analysis of the Enron case, The Register's piece Shred It! says you should "establish a clear and reasoned and workable [document retention] policy ... [and ideally] automate the process of document destruction ... Your policy should ensure that it is applied to active and archived documents equally, and paper and electronic documents." However, things change if your organization is under investigation. "Once you know, or reasonably should know that particular documents or categories of documents may be relevant to an actual or anticipated investigation or litigation, your document destruction policy should be suspended." In other words, you must not artificially use the policy to destroy evidence.
More physical security and confidentiality links