Managing e-Discovery and Reducing Storage Size
Storing Archives in PST Files?
E-discovery law motivates corporations and other enterprises to retain more employee and executive e-mail, and to archive it for longer periods. But that leads to voluminous archives, which can be expensive and burdensome.
Spoliation
Historically corporate policy tried to restrain the quantity of e-mail archives by deleting e-mail quickly (such as 180 days), while charging employees with responsibility to take special steps to retain important e-mails long term (e.g., print them out or store them in PST files). This policy has not fared well in courts because employees are not talented at sifting through their old e-mail and deciding which to keep and which to torch. That shifting is tedious, and a poor use of employee time.
The result of the policy is that important e-mails are not retained, which makes courts unhappy. Courts then punish corporations for "spoliation". See this video on email spoliation:
Employee Conflict of Interest
There is a second problem with an early-e-mail destruction policy. Employees have a conflict of interest when they deliberate whether to keep a particular business record after creation. As they assess a record in hindsight they may wish the record never existed – perhaps because the record reflects poorly on them – even though retention of the record would be in their employer's best interest.
(Example: A lazy purchasing professional gets an e-mail from her contact at a key supplier, alerting her that prices will jump next month. The professional ignores the message, but three months later she realizes that was a big mistake. She should have placed a special order before the price increase. If the professional now knows her boss is upset about rising costs and will soon open a full review of her performance, she prefers that the record of that old message vanish. Her preference is in conflict with her employer's interest in evaluating her job performance.)
Email Records are Employer Assets
Records of substantive e-mail, and other communications such as instant or text messages (including cell/mobile phone text), are assets of the employer. The employer has reason to store all substantive messages centrally – so employees cannot destroy them after transmission. In lawsuits, these assets help an employer assess whether it was in the right or the wrong and help it prosecute its case.
Personal Messages
But some employee e-messages are not substantive business communications. They are personal, or they are general information like newsletters. If stored, personal and general information messages can needlessly consume lots of space.
So here's an idea for public discussion: An employer might give each employee two types of message accounts, one for substance and one for personal communication and general news. The employer can then focus resources on retaining what passes through the substantive account, while devoting much fewer resources to retaining what passes through the other account. In fact, the other account might be a free web account like Outlook.com.
Now, is it possible employees will occasionally use their "other" account for substantive business so that no archives are retained (possibly contrary to the employer’s interest)? Yes. Employees will always have ways to send substantive business communications that are not well recorded/archived. (Low-tech example: if employees are really motivated, they can build a campfire on the roof of their office building and transmit smoke signals to any colleagues within eyesight!)
However, this problem is manageable. First, company policy can insist that all substantive e-mail, text and IM pass through (or be copied to) the centrally-managed account designated for substantive communications. Failure to comply could elicit reprimand.
Second, the conflict of interest mentioned above is greater and more dangerous after a message is sent than before or when the message is sent. In business, employees rarely realize they are making a mistake at the time they make it. It is only later, after events have played out, that they realize, “Wow, I wish I had not made that decision, or wrote that e-mail, or ignored Sally’s warning.” That is the time when employees have the greatest personal interest in squelching records. But if the records have already been made and are under the employer’s centralized control, then the employee can’t delete them.
Personal Messages Belong on Smartphones
Update: As smart phones become more cheap and common, employers are wise to urge employees to take all of their personal e-communications to those phones and avoid the employers' computer networks for personal communication. Employees have incentive to take their personal messages out of the employers' networks. When employment ends, employees sometimes find they cannot access old records of precious personal e-mails, stored in the employers' systems. Joseph De Avila, "Wiped Out: Along with Jobs, Laid-Off Lose Photos, Emails," Wall Street Journal, April 30, 2009.
--Benjamin Wright
[Again, nothing I ever say in public is legal advice for any particular situation.]
This article is titled "How Long to Keep/Retain E-mail Records?" but curiously enough, nowhere within the article is a recommendation for a specific amount of time to keep/retain email records.
ReplyDeleteI don't believe there is a single, one-size-fits-all recommended retention period. However, I do see some enterprises try to impose a uniform short retention period like 180 days. As I say above, that period does not fare well. Therefore, as I say above, organizations are motivated to keep longer.
ReplyDeleteUnderstandably, what you'd like to know is exactly how much longer. I have led in-house workshops to address this question at numerous, diverse enterprises. The outcome of these workshops has varied, depending on many factors, including corporate culture.
In my experience, the best email retention policy is one that is developed by collaboration of the various stakeholder departments in the enterprise (legal, IT, HR, operations et al.). Normally, these different stakeholders will start with different positions on what the policy should say. But, in my experience, after the stakeholders have talked through the issues, they tend to compromise their positions and coalesce into a policy that is unique to the enterprise.
What do you think of that?
Adding to what I just said, I have seen a trend toward policies that keep email according to the role of the user. Example: 3 years for general staff and 7 years for top administrators. http://legal-beagle.typepad.com/wrights_legal_beagle/2008/09/medical-and-education-record-retention-and-purge-policy.html
DeleteThe policies I have seen will have certain exceptions to the 3-year and 7-year retention periods.
How does that strike you?